New eVuln Advisory:
BirthSys SQL Injection Vulnerability
http://evuln.com/vulns/74/summary.html
--------------------Summary----------------
eVuln ID: EV0074
CVE: CVE-2006-0775
Software: BirthSys
Software's Web Site: http://clvfoto.free.fr/site/download.php3
Versions: 3.1
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
Vulnerable script: show.php
The variables $month and $date are not properly sanitized. This can be used to run any SQL query by injecting arbitrary SQL code.
--------------Exploit----------------------
Available at: http://evuln.com/vulns/74/exploit.html
--------------Solution---------------------
No Patch available.
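
With no patch available, the standard mitigation for this class of flaw is strict validation of the two parameters combined with a parameterized query. The PHP below is an added example, not BirthSys code and not part of the eVuln advisory; the table and column names, the helper names intParam and birthdaysOn, and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example: not BirthSys code. Table/column names are hypothetical.

// Accept only a 1-2 digit decimal string within [min, max]; else null.
// is_string() also rejects array-valued request parameters.
function intParam($raw, int $min, int $max): ?int {
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 2) {
        return null;
    }
    $n = (int)$raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Look up entries for a month/day using bound parameters only.
function birthdaysOn(PDO $db, $rawMonth, $rawDate): array {
    $month = intParam($rawMonth, 1, 12);
    $date  = intParam($rawDate, 1, 31);
    // 2000 is a leap year, so Feb 29 is accepted while Feb 30 is not.
    if ($month === null || $date === null || !checkdate($month, $date, 2000)) {
        throw new InvalidArgumentException('invalid month/date');
    }
    $stmt = $db->prepare(
        'SELECT name FROM birthdays WHERE b_month = :m AND b_day = :d ORDER BY name'
    );
    $stmt->bindValue(':m', $month, PDO::PARAM_INT);
    $stmt->bindValue(':d', $date, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE birthdays (name TEXT, b_month INTEGER, b_day INTEGER)');
$db->exec("INSERT INTO birthdays VALUES ('Alice', 2, 29), ('Bob', 7, 4)");

// Constructed inputs: two well-formed, three that must be rejected.
$cases = [['2', '29'], ['7', '4'], ['7', '4 OR 1=1'], ['13', '1'], ['2', '30']];
foreach ($cases as [$m, $d]) {
    try {
        echo json_encode([$m, $d]), ' => ', json_encode(birthdaysOn($db, $m, $d)), "\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode([$m, $d]), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Validation and binding are deliberately both present: the range check rejects malformed input before it reaches the database, and the bound parameters keep the query structure fixed even if a validation rule is later loosened.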
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services