Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities

Morris Guestbook v1

Smile  Guestbook v1

Pretty Guestbook v1

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	27.05.2006
Subject:	Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

ENGLISH

# Title  :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author :   ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address:  SQL TEXT
Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.
..
.....


# ajann,Turkey


TURKISH

# Baslık          :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Açığı Bulan     :   ajann
# Açık bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address:  SORGUNUZ
Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.
..
.....

Acıklama:
Kısacası bütün dosyalarda : ) bulunan filtrelem eksikliği nedeniyle dbden bilgi
cekilebilmektedir.

# ajann,Turkiye