Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12845
HistoryMay 27, 2006 - 12:00 a.m.

Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

2006-05-2700:00:00
vulners.com
4

ENGLISH

Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

Author : ajann

Exploit;

SQL INJECTİON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address: SQL TEXT
Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.

ajann,Turkey

TURKISH

Baslık : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

Aзığı Bulan : ajann

Aзık bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address: SORGUNUZ
Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.

Acıklama:
Kısacası bьtьn dosyalarda : ) bulunan filtrelem eksikliği nedeniyle dbden bilgi
cekilebilmektedir.

ajann,Turkiye