Digital Interchange Document Library SQL Injection

2011-11-08 / 2011-11-09
Credit: L0rd CrusAd3r aka VSN
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-5021
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title:Digital Interchange Document Library SQL Vulnerability Vendor url:http://www.digitalinterchange.com Version:5.8.5 Cost: $129 USD Published: 2010-06-14 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members. Spl Greetz to:inj3ct0r.com Team ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Description: The Digital Interchange Document library allows you to easily and seamlessly store your documents online! The administration area is a secured area with an intuitive interface that will let you manage all of your documents from any location with an internet connection. By storing your documents in folders you setup in the Document Library, you will be able to quickly and easily organize and access the information you need most. ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Vulnerability: *SQL Vulnerability DEMO URL:http://library.digitalinterchange.com/view_group.asp?intGroupID=[sqli] # 0day n0 m0re # # L0rd CrusAd3r #

References:

http://xforce.iss.net/xforce/xfdb/59397
http://www.vupen.com/english/advisories/2010/1461
http://www.securityfocus.com/bid/40819
http://www.exploit-db.com/exploits/13859
http://secunia.com/advisories/40160
http://packetstormsecurity.org/1006-exploits/digitalinterchangelibrary-sql.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top