FreeDomain.co.nr Clone SQL Injection

2007.07.10

Credit: teh_lost_byte

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-3575

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

FreeDomain.co.nr Clone SQL Injection
Auth0r: Kw3rln from Romanian Security Team
Link: hTTp://RSTZONE.NET

On members.php we have: 
#14: $logindomain = $_POST["logindomain"];
#41: $login=login_user($logindomain,$loginpass);

in includes/functions we have:
function login_user($user_name, $pass_word) {
global $redir_table;
// form our sql query
$result = mysql_query("SELECT * FROM $redir_table WHERE host ='$user_name'") or die (mysql_error());

Exploit s00n
greetz to all RST memberz

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

FreeDomain.co.nr Clone SQL Injection

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

FreeDomain.co.nr Clone SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.