0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Esselbach Storyteller CMS System Version 1.8 SQL Injection Vulnerability
# Exploit Title: Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability # Date: March, 9th 2011 [GMT +7] # Author: Shamus # Software Link: http://www.esselbach.com/ # Version : Esselbach Storyteller CMS System Version 1.8 # Tested on: windows # CVE : - ----------------------------------------------------------------------------------------- Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------- Author : Shamus Date : March, 9th 2011 [GMT +7] Location : Solo && Jogjakarta, Indonesia Web : http://antijasakom.net/forum Critical Lvl : Moderate Impact : Exposure of sensitive information Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Esselbach Storyteller CMS System Version : Esselbach Storyteller CMS System Version 1.8 Vendor : esselbach Download : http://www.esselbach.com/page5.html Description : Storyteller CMS is a powerful Content Management System written in the PHP scripting language and designed for high traffic websites. It supports up to 99 websites in the same database and is ready for the next MySQL generation with InnoDB tables. -------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~ A weakness has been discovered Esselbach Storyteller CMS System. Where an attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. This vulnerability identified in the path "page.php". PoC/Exploit: ~~~~~~~~~~ SQL injection vulnerability affects: http://localhost.com/page.php?id=[Injection Query] Dork: ~~~~~ Google : powered by Esselbach Storyteller CMS System Version 1.8 Solution: ~~~~~ - Your script should filter metacharacters from user input. - Edit the source code to ensure that input is properly verified. Timeline: ~~~~~~~ - 01 - 03 - 2011 bug found - 02 - 03 - 2011 vendor contacted and response [asked about the detail attack] - 03 - 03 - 2011 still contacted vendors - 04 - 03 - 2011 vendors have released patches [http://www.contentteller.com/forums/threads/security-sql-injection-vulnerability-in-storyteller-cms.1148/] - 09 - 03 - 2011 Advisories release --------------------------------------------------------------------------- Shoutz: ~~~~~~~ oO0::::: Greetz and Thanks: :::::0Oo. Tuhan YME My Parents SPYRO_KiD K-159 lirva32 newbie_campuz And Also My LuvLy wife : ..::.E.Z.R (The deepest Love I'v ever had..).::.. in memorial : 1. Monique 2. Dewi S. 3. W. Devi Amelia 4. S. Anna oO0:::A hearthy handshake to: :::0Oo ~ Crack SKY Staff ~ Echo staff ~ antijasakom staff ~ jatimcrew staff ~ whitecyber staff ~ lumajangcrew staff ~ devilzc0de staff ~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode ~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin ~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa ~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom ~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de ~ All people in SMAN 3 ~ All members of spyrozone ~ All members of echo ~ All members of newhack ~ All members of jatimcrew ~ All members of Anti-Jasakom ~ All members of whitecyber ~ All members of Devilzc0de ~ All members of Kaskus - "Especially Regional Solo Kaskus" #e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de --------------------------------------------------------------------------- # 0day.today [2024-12-24] #