source: http://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database. eNdonesia 8.4 is vulnerable; other versions may also be affected. http://www.example.com/banners.php?op=click&bid=-9+union+select+pwd+from+authors/*
Related Exploits
Trying to match CVEs (1): CVE-2007-3394Trying to match OSVDBs (1): 38228
Other Possible E-DB Search Terms: eNdonesia 8.4, eNdonesia
Date | D | V | Title | Author |
---|---|---|---|---|
2012-07-29 |
![]() |
eNdonesia - 'cid' SQL Injection | Crim3R | |
2009-11-04 |
![]() |
eNdonesia CMS 8.4 - Local File Inclusion | s4r4d0 | |
2003-08-27 |
![]() |
eNdonesia 8.2/8.3 - 'Mod' Cross-Site Scripting | Bahaa Naamneh | |
2004-08-04 |
![]() |
eNdonesia 8.3 - Search Form Cross-Site Scripting | Ahmad Muammar | |
2008-07-30 |
![]() |
eNdonesia 8.4 (Calendar Module) - SQL Injection | Jack | |
2006-12-25 |
![]() |
eNdonesia 8.4 - '/mod.php/friend.php/admin.php' Multiple Vulnerabilities | z1ckX(ru) | |
2007-06-22 |
![]() |
eNdonesia 8.4 - 'mod.php?viewarticle Action artid' SQL Injection | laurent gaffie | |
2010-09-15 |
![]() |
eNdonesia 8.4 - SQL Injection | vYc0d |