Exploit

EDB-ID: 30226	Author: laurent gaffie	Published: 2007-06-22
CVE: CVE-2007-3394	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: N/A
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/24590/info
 
eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
 
eNdonesia 8.4 is vulnerable; other versions may also be affected.

http://www.example.com/banners.php?op=click&bid=-9+union+select+pwd+from+authors/*

Related Exploits

Trying to match CVEs (1): CVE-2007-3394
Trying to match OSVDBs (1): 38228
Other Possible E-DB Search Terms: eNdonesia 8.4, eNdonesia

Date	Title	Author
2012-07-29	eNdonesia - 'cid' Parameter SQL Injection	Crim3R
2009-11-04	eNdonesia CMS 8.4 - Local File Inclusion	s4r4d0
2003-08-27	eNdonesia 8.2/8.3 - Mod Parameter Cross-Site Scripting	Bahaa Naamneh
2004-08-04	eNdonesia 8.3 - Search Form Cross-Site Scripting	Ahmad Muammar
2008-07-30	eNdonesia 8.4 (Calendar Module) - SQL Injection	Jack
2006-12-25	eNdonesia 8.4 - 'mod.php/friend.php/admin.php' Multiple Vulnerabilities	z1ckX(ru)
2007-06-22	eNdonesia 8.4 - mod.php viewarticle Action artid Parameter SQL Injection	laurent gaffie
2010-09-15	eNdonesia 8.4 - SQL Injection	vYc0d

eNdonesia 8.4 - banners.php click Action bid Parameter SQL Injection

Related Exploits