Camfrog.com SQL Injection

2009-08-25T00:00:00
ID PACKETSTORM:80603
Type packetstorm
Reporter unu
Modified 2009-08-25T00:00:00

Description

                                        
                                            `Camfrog.com suffers from a remote SQL injection vulnerability  
  
Millions of accounts are exposed  
  
Vulnerable parameter: popular.php?orderby=&st=dir&r=&cg=  
  
Available database: information_schema, cf, cf_gift, cf_image, cf_online  
  
Users password are in CLEAR TEXT !!!  
  
More on http://unu1234567.wordpress.com/2009/08/24/camfrog-com-sql-injection-full-database-acces/`