LI-countdown SQL Injection Vulnerability Feb 12 2008 07:13PM
sex aaa-aaa net ru

Vendor: LI-Scripts

Vendor's Web Site:

Software: LI-countdown

Software's Web Site:

Critical Level: Moderate

Type: SQL Injection

Class: Remote

Status: Unpatched

PoC/Exploit: Not Available

Solution: Not Available

Discovered by:


1. SQL Injection.

Vulnerable script: countdown.php

Parameter 'years' is not properly sanitized before being used in SQL
query. This can be used to make SQL queries by injecting arbitrary SQL


Condition: magic_quotes_gpc = off


Waiting for developer(s) reply.


No Patch available.


Discovered by:


sex (at) (dot) ru [email concealed]
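
A defensive sketch for the 'years' parameter, added here as an example; it is not LI-countdown's code, which the advisory does not publish. The `events` table, its columns and the helper names `parse_years` and `find_countdowns` are assumptions made for illustration, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Validate the 'years' request parameter as a bounded non-negative integer.
 * Returns null when the value is missing or not a plain decimal number.
 */
function parse_years($raw, int $max = 9999): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 4) {
        return null;
    }
    $years = (int) $raw;
    return $years <= $max ? $years : null;
}

/**
 * Query with a bound parameter, so the value never becomes part of the
 * SQL text and safety does not depend on the magic_quotes_gpc setting.
 * (Hypothetical schema: events(name, years).)
 */
function find_countdowns(PDO $db, int $years): array
{
    $stmt = $db->prepare('SELECT name, years FROM events WHERE years = :years');
    $stmt->bindValue(':years', $years, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (name TEXT, years INTEGER)');
$db->exec("INSERT INTO events VALUES ('launch', 2), ('anniversary', 10)");

// Constructed inputs standing in for $_GET['years']: valid numbers,
// an empty value, a stray quote, a word, and an array-valued parameter.
foreach (['2', '10', '', "2'", 'two', ['2']] as $raw) {
    $years = parse_years($raw);
    if ($years === null) {
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    echo "years=$years -> " . json_encode(find_countdowns($db, $years)) . "\n";
}
```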

Copyright 2010, SecurityFocus