Exploit e107 Advanced Medal System Plugin - SQL Injection

Exploiter

18 Dec 2022
EDB-ID
26449
EDB verification
  1. Passed
Author
LIFE WASTED
Vulnerability type
WEBAPPS
Platform
PHP
CVE
N/A
Publication date
2013-06-26
Code:
# Exploit Title: Advanced Medal System SQL Injection
# Google Dork: inurl:advmedsys_view.php
# Date: 6/18/13
# Exploit Author: Life Wasted and Caspa
# Vendor Homepage: http://e107.org/e107_plugins/psilo/list.php?mode=plugin&id=699
# Software Link: http://e107.org/e107_plugins/psilo/psilo.php?download.699
# Version: 1.42
# Tested On: Linux

Vulnerable Code (advmedsys_view.php):
// Lines 17-23
if (e_QUERY) {
        $tmp = explode('.', e_QUERY);
        $action = $tmp[0];
        $sub_action = $tmp[1];
        $id = $tmp[2];
        unset($tmp);
}
// Line 232
$sql->db_Select("advmedsys_awarded", "*", "WHERE awarded_user_id = $sub_action","");

Example URL: http://site.com/plugins/advmedsys_view.php?profile.*SQL HERE*
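Added example (not the plugin's code and not the exploit author's): the parameter handling from advmedsys_view.php rewritten so that the value compared with awarded_user_id can only ever be an integer. The names e_QUERY and $sql->db_Select() are the ones the post above shows; the helper function names and the list of accepted actions are assumptions made for this example.

```php
<?php
// Added example (not the plugin's or the exploit author's code): hardening the
// advmedsys_view.php parameter handling shown above. e_QUERY and
// $sql->db_Select() come from the original post; the helper names and the
// list of valid actions are assumptions made for this example.

// Parse e_QUERY ("action.sub_action.id") and reject anything that is not the
// expected shape before any of it reaches SQL.
function advmedsys_parse_query(string $query): ?array
{
    $parts = explode('.', $query);
    if (count($parts) < 2 || count($parts) > 3) {
        return null;                       // wrong number of segments
    }
    [$action, $sub_action] = $parts;
    $id = $parts[2] ?? '';

    // Only the actions the script actually implements (assumed list).
    if (!in_array($action, ['profile', 'list', 'award'], true)) {
        return null;
    }
    // sub_action is compared with awarded_user_id, so it must be an unsigned
    // integer; ctype_digit() rejects '', signs, spaces and any non-digit.
    if (!ctype_digit($sub_action)) {
        return null;
    }
    if ($id !== '' && !ctype_digit($id)) {
        return null;
    }
    return [
        'action'     => $action,
        'sub_action' => (int) $sub_action,
        'id'         => ($id === '') ? null : (int) $id,
    ];
}

// The WHERE clause exactly as the vulnerable line 232 builds it: the raw
// request segment is interpolated into the SQL string.
function advmedsys_where_vulnerable(string $sub_action): string
{
    return "WHERE awarded_user_id = $sub_action";
}

// Hardened form: the value is cast to int, so the clause can only contain
// digits. Applied to the line shown on the page this becomes:
//   $sql->db_Select("advmedsys_awarded", "*",
//                   "WHERE awarded_user_id = " . (int) $sub_action, "");
function advmedsys_where_hardened(string $sub_action): string
{
    return "WHERE awarded_user_id = " . (int) $sub_action;
}

// Constructed inputs: a well-formed request and a malformed one whose second
// segment is not a bare integer.
$good = 'profile.42.7';
$bad  = 'profile.42 x';

var_dump(advmedsys_parse_query($good));   // parsed array with integer fields
var_dump(advmedsys_parse_query($bad));    // null: rejected before any query is built

echo advmedsys_where_vulnerable('42 x'), "\n";  // untrusted text lands in the SQL
echo advmedsys_where_hardened('42 x'), "\n";    // only the leading integer survives
```

The parse step is the part worth keeping in the script itself: with the whole of e_QUERY validated once at the top (lines 17-23 in the original), every later use of $action, $sub_action and $id is typed, and the (int) cast on line 232 becomes a second, independent guard rather than the only one.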
 
Source
www.exploit-db.com
