Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

LI-countdown SQL Injection Vulnerability
From: sex () aaa-aaa net ru
Date: 12 Feb 2008 19:13:45 -0000
--------------------Summary---------------- 
Vendor: LI-Scripts 
Vendor's Web Site: http://www.liscripts.net 
Software: LI-countdown 
Sowtware's Web Site: http://www.liscripts.net/products.php#countdown
Critical Level: Moderate 
Type: SQL Injection 
Class: Remote 
Status: Unpatched 
PoC/Exploit: Not Available 
Solution: Not Available 
Discovered by: http://www.aaa-aaa.net.ru/

-----------------Description--------------- 
1. SQL Injection. 

Vulnerable script: countdown.php 

Parameter 'years' is not properly sanitized before being used in SQL 
query. This can be used to make SQL queries by injecting arbitrary SQL 
code. 

Condition: magic_quotes_gpc = off 

--------------PoC/Exploit---------------------- 
Waiting for developer(s) reply. 

--------------Solution--------------------- 
No Patch available. 

--------------Credit----------------------- 
Discovered by: http://aaa-aaa.net.ru/


Regards, 
sex () aaa-aaa net ru
http://www.aaa-aaa.net.ru/

  By Date           By Thread  

Current thread:
  • LI-countdown SQL Injection Vulnerability sex (Feb 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]