CVE-2009-1362
published 2009-04-22CVE-2009-1362: SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name…
PriorityP337medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.82%
52.6th percentile
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chcounter | chcounter | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
chCounter - indirect SQL Injection / Cross-Site Scripting
exploitdb·2010-04-29
CVE-2009-1362 chCounter - indirect SQL Injection / Cross-Site Scripting
chCounter - indirect SQL Injection / Cross-Site Scripting
---
# Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities
# Date: 29.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: 3.1.1
# Tested on: Debian, Apache2, PHP5, MySQL5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = chCounter indirect SQL Injection and XSS Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = chCounter
Vendors = Berti, Christoph Bachner
Vendor Website = http://chcounter.org/
Affected Version(s) = 3.1.1
chCounter is a counter tool. Simply implement
Exploit-DB
chCounter 3.1.3 - Authentication Bypass
exploitdb·2009-04-16
CVE-2009-1362 chCounter 3.1.3 - Authentication Bypass
chCounter 3.1.3 - Authentication Bypass
---
########################################################################################################################
#chCounter 3.1.3 Login Bypass
#=======================================================================================================================
#
#Critical Level : Dangerous
#
#Vendor site : http://chcounter.org/
#
#Download : http://chcounter.org/chCounter3/getfile.php?id=5
#
#dorks: "chCounter 3.1.3" Künftig automatisch einloggen or "chCounter 3.1.3"
#
#=======================================================================================================================
#
#
#Information :
#--------------------------------
#Need: magic quotes = off
#
#Exploit :
#--------------------------------
#
#http://www.[URL]//
No writeups or analysis indexed.
2009-04-22
Published