ColdBookmarks 1.22 SQL Injection Vulnerability

2010-09-07 18:15:21

# ColdGen - coldbookmarks v1.22 Remote 0day SQL Injection vulnerability
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC
http://[target]/[path]/index.cfm?fuseaction=EditBookmark&BookmarkID=[SQLi]&CFID=XXXXXX&CFTOKEN=XXXXXXXX

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.