9 matches found
eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
SQL injection
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action...
Mambo Component Articles - artid Blind SQL Injection
Mambo Component Articles - artid Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " \n"; print " Mambo Component Articles Blind SQL Injection Exploit \n"; print " Author:Ded MustD!e www.antichat.ru \n"; print " \n"; print " Dork :...
PHP-Nuke Module Kose_Yazilari (artid) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. PHP-Nuke Module KoseYazilari artid SQL Injection Vulnerability. CoRPITX Turkey PHP-Nuke KoseYazilari SQL...
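PHP-Nuke Docum Module 'artid' SQL Injection Vulnerability
BUGTRAQ ID: 27912 CNCAN ID: CNCAN-2008022208 The PHP-Nuke Docum module is a PHP-based web application. The PHP-Nuke Docum module does not properly filter user-submitted URI data; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the script does not sufficiently filter the user-submitted 'artid' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, allowing sensitive information to be obtained or the database to be manipulated. PHP-Nuke Module Docum: no detailed solution is currently available: http://www.phpnuke.org/...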
SQL injection
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are...
CVE-2006-2857
SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php)...
SQL injection
SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php)...
CVE-2006-2857
The CVE-2006-2857 entry affects LifeType 1.0.4 and describes an SQL injection in index.php (articleId parameter in the ViewArticle action). The underlying issue is failure to sanitize user input, enabling an unauthenticated attacker to manipulate database queries. The vulnerability can lead to ar...