Dokeos <= 1.8.0 (my_progress.php course) Remote SQL Injection Exploit

No description provided by source...

CVE-2007-2902

SQL injection vulnerability in main/auth/myprogress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter...

Dokeos 1.8.0 - my_progress.php?course SQL Injection

Dokeos 1.8.0 - myprogress.php?course SQL Injection !/usr/bin/perl -w Dokeos = 1.8.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code myprogress.php: ifisset$GET'course' $sqlInfosCourse = "SELECT course.code,...