Exploit Database - Logo

eNdonesia 8.4 - 'banners.php?click Action bid' SQL Injection

EDB-ID: 30226 Author: laurent gaffie Published: 2007-06-22
CVE: CVE-2007-3394 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/24590/info
 
eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
 
eNdonesia 8.4 is vulnerable; other versions may also be affected.

http://www.example.com/banners.php?op=click&bid=-9+union+select+pwd+from+authors/*
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2007-3394
Trying to match OSVDBs (1): 38228
Other Possible E-DB Search Terms: eNdonesia 8.4,  eNdonesia
Date D V Title Author
2012-07-29 Verified eNdonesia - 'cid' SQL InjectionCrim3R
2009-11-04 Verified eNdonesia CMS 8.4 - Local File Inclusions4r4d0
2003-08-27 Verified eNdonesia 8.2/8.3 - 'Mod' Cross-Site ScriptingBahaa Naamneh
2004-08-04 Verified eNdonesia 8.3 - Search Form Cross-Site ScriptingAhmad Muammar
2008-07-30 Verified eNdonesia 8.4 (Calendar Module) - SQL InjectionJack
2006-12-25 Verified eNdonesia 8.4 - '/mod.php/friend.php/admin.php' Multiple Vulnerabilitiesz1ckX(ru)
2007-06-22 Verified eNdonesia 8.4 - 'mod.php?viewarticle Action artid' SQL Injectionlaurent gaffie
2010-09-15 Verified eNdonesia 8.4 - SQL InjectionvYc0d
Menu