LI-countdown SQL Injection Vulnerability Feb 12 2008 07:13PM
sex aaa-aaa net ru

Vendor: LI-Scripts

Vendor's Web Site: http://www.liscripts.net

Software: LI-countdown

Software's Web Site: http://www.liscripts.net/products.php#countdown

Critical Level: Moderate

Type: SQL Injection

Class: Remote

Status: Unpatched

PoC/Exploit: Not Available

Solution: Not Available

Discovered by: http://www.aaa-aaa.net.ru/


1. SQL Injection.

Vulnerable script: countdown.php

The 'years' parameter is not properly sanitized before being used in an
SQL query. This can be used to make SQL queries by injecting arbitrary SQL

Condition: magic_quotes_gpc = off
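
One way to handle the 'years' parameter safely, added here as an example: this is not LI-countdown's code, which the advisory does not show. It assumes 'years' is a small non-negative integer, and the table, column and function names are hypothetical.

```php
<?php
// Added example: the schema and query are hypothetical; the real
// countdown.php source is not shown in the advisory.

// Strict allow-list validation: 'years' must be 1-4 decimal digits.
// Arrays (years[]=...) and anything with other characters are rejected.
function parse_years($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,4}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function find_countdowns(PDO $db, int $years): array
{
    // The value is bound as an integer parameter, never concatenated
    // into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM countdowns WHERE years = :years');
    $stmt->bindValue(':years', $years, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE countdowns (id INTEGER PRIMARY KEY, title TEXT, years INTEGER)');
$db->exec("INSERT INTO countdowns (title, years) VALUES ('Launch', 2), ('Anniversary', 5)");

// Constructed inputs: two well-formed values, then malformed ones.
foreach (['2', '5', '', '2 ', "2'", '-1', '99999', ['2']] as $raw) {
    $years = parse_years($raw);
    if ($years === null) {
        // A real handler would answer with HTTP 400 here.
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    echo "years=$years -> " . json_encode(find_countdowns($db, $years)) . "\n";
}
```

Because the value is validated and bound, the query does not depend on magic_quotes_gpc being on; that setting was removed in PHP 5.4.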


Waiting for developer(s) reply.


No Patch available.


Discovered by: http://aaa-aaa.net.ru/


sex (at) aaa-aaa.net (dot) ru

