RW-Download 4.0.6 SQL injection vulnerability and fix

2011-02-28T00:00:00
ID MYHACK58:62201129580
Type myhack58
Reporter Anonymous
Modified 2011-02-28T00:00:00

Description


RW-Download is an upload and download system that supports templates and multiple languages. The index.php file in RW-Download 4.0.6 contains a SQL injection vulnerability that could lead to disclosure of sensitive information.

[+]info:
~~~~~~~~~
//Title   ||=> RW-Download v4.0.6 => (index.php) SQL Injection Vulnerability
//Script  ||=> RW-Download
//Language||=> Php
//Download||=> http://traidnt.net/vb/attachment.php?attachmentid=72765&d=1157806602
//Date    ||=> 2011-01-30
//version ||=> 4.0.6
//D0rk    ||=> "Powered by RW-Download v4.0.6"
//info    ||=> By Dr.Net , Abdullah hacker team , || My Email : xdr.netx@Gmail.com

[+]poc:
~~~~~~~~~
// |=> <http://localhost/index.php?dlid=1> <== { SQL Injection }
//*Admin Page
// |=> <http://localhost/admin.php>

[+]Reference:
~~~~~~~~~
<http://www.exploit-db.com/exploits/16080>

Fix:

Without him, the only filter at
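
The advisory locates the flaw in how index.php handles the `dlid` parameter, and the fix note points at filtering that value. As an added example (not RW-Download's code and not part of the original advisory), the PHP sketch below accepts only a decimal integer for `dlid` and binds it in a prepared statement; the `downloads` table, its columns, the function names and the sample data are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical handler, not RW-Download's actual code.
// Table and column names (downloads, id, title) are assumptions.

/**
 * Return the download id as a positive integer, or null if the raw
 * query-string value is anything other than plain decimal digits.
 */
function parse_dlid($raw): ?int
{
    // Arrays (?dlid[]=1) arrive as non-strings; the length cap avoids
    // integer overflow on 32-bit builds.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look up one record with a bound parameter; SQL is never built from input. */
function find_download(PDO $db, $rawDlid): ?array
{
    $id = parse_dlid($rawDlid);
    if ($id === null) {
        return null; // caller should answer with a 400 or 404
    }
    $stmt = $db->prepare('SELECT id, title FROM downloads WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO downloads VALUES (1, 'sample.zip'), (2, 'other.zip')");

// Constructed inputs: valid ids first, then values the filter must reject.
foreach (['1', '2', '3', '1 OR 1=1', "1'", '-1', '', ['1']] as $raw) {
    $row = find_download($db, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row ? $row['title'] : 'rejected/not found');
}
```

The integer check and the bound parameter are independent layers: the prepared statement alone keeps input out of the SQL text, and the filter rejects malformed requests before they reach the database.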