Land Down Under versions 801 and below suffer from multiple SQL injection vulnerabilities. Full details provided.
d2b508373b14a63e311f6bd4f062bb809fa0835d4ab70151cad0ae5ebf03a0edTITLE:
======
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
Land Down Under version 801 and prior
Support Website : http://www.neocrome.net
INFO:
=====
Land Down Under is a multiple portal system which includes many different options like
forum, statistic, site map, article menu and many more. The portal is powered by PHP and
MySQL.
BUG DESCRIPTION:
===============
The portal system is vulnerable to various sql injection attacks, here are some examples:
http://localhost/ldu/events.php?c='
http://localhost/ldu/events.php?f=incoming&c='
http://localhost/ldu/events.php?c=%27
http://localhost/ldu/events.php?f=incoming&c=%27
http://localhost/ldu/index.php?c='
http://localhost/ldu/index.php?c=%27
http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1
http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1
VENDOR STATUS:
==============
The vendor was contacted using the contacts link on the main page.
No response recieved till date.
CREDITS:
========
This vulnerability was discovered and researched by -
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Greets to all omega-team members
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2371
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed