TITLE:
======
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities

SEVERITY:
=========
Medium

SOFTWARE:
=========
Land Down Under version 801 and prior
Support Website : http://www.neocrome.net

INFO:
=====
Land Down Under is a multi-purpose portal system with many modules, including a forum, statistics, a site map, an article menu and more. The portal is powered by PHP and MySQL.

BUG DESCRIPTION:
===============
The portal system is vulnerable to SQL injection in several scripts. In each of the examples below, the single quote in the c parameter (sent literally or URL-encoded as %27) is passed unescaped into a database query:

http://localhost/ldu/events.php?c='
http://localhost/ldu/events.php?f=incoming&c='
http://localhost/ldu/events.php?c=%27
http://localhost/ldu/events.php?f=incoming&c=%27
http://localhost/ldu/index.php?c='
http://localhost/ldu/index.php?c=%27
http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1
http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1

VENDOR STATUS:
==============
The vendor was contacted using the contacts link on the main page. No response received to date.

CREDITS:
========
This vulnerability was discovered and researched by matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org

Greets to all omega-team members

ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2371
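For site operators who cannot patch immediately, the advisory's examples translate directly into a web-server log check. The following is an added detection example, not code from the advisory or from the Land Down Under project: it scans combined-format access log lines (the log lines below are constructed samples) and flags requests to events.php, index.php or list.php whose c parameter contains a single quote after one round of percent-decoding. The affected script names and the c parameter come from the advisory; the log format, the script under `/ldu/`, and the helper names are assumptions.

```python
"""Flag access-log requests that match the Land Down Under SQL injection probes
from the advisory: a single quote (literal or URL-encoded as %27) in the ``c``
parameter of events.php, index.php or list.php.

Added detection example (not the advisory's or the project's own code).
Assumptions: Apache/nginx "combined" log format; script names taken from the
advisory; sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Scripts named in the advisory and the parameter the probes target.
AFFECTED_SCRIPTS = {"events.php", "index.php", "list.php"}
PARAM = "c"

# Minimal "combined" log parser: client, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2005:13:55:36 +0000] "GET /ldu/events.php?c=' HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2005:13:55:37 +0000] "GET /ldu/list.php?c=%27&s=title&w=asc&o=1&p=1 HTTP/1.1" 500 233
198.51.100.7 - - [10/Oct/2005:13:56:01 +0000] "GET /ldu/list.php?c=news&s=title&w=asc&o=1&p=1 HTTP/1.1" 200 4120
198.51.100.7 - - [10/Oct/2005:13:56:02 +0000] "GET /ldu/index.php?c=%2527 HTTP/1.1" 200 4120
192.0.2.9 - - [10/Oct/2005:13:57:10 +0000] "GET /ldu/other.php?c=' HTTP/1.1" 404 0
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_probe(target):
    """True if the request target hits an affected script with a quote in ``c``.

    parse_qs percent-decodes exactly once, which mirrors how PHP fills $_GET:
    %27 becomes a quote, but a double-encoded %2527 only becomes the text %27
    and is therefore not flagged.
    """
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in AFFECTED_SCRIPTS:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any("'" in value for value in params.get(PARAM, []))


def find_probes(log_text):
    """Return (client, target, status) for every line that looks like a probe."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_probe(rec["target"]):
            hits.append((rec["client"], rec["target"], rec["status"]))
    return hits


if __name__ == "__main__":
    for client, target, status in find_probes(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A 500 status on a flagged request is worth treating as a stronger signal than a 200, since it usually means the quote reached the database and broke the query. The check deliberately decodes only once; if the application were to decode a second time, the `%2527` case would need to be flagged as well.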