22 lines
No EOL
724 B
Text
22 lines
No EOL
724 B
Text
# Exploit Title: Advanced Medal System SQL Injection
|
|
# Google Dork: inurl:advmedsys_view.php
|
|
# Date: 6/18/13
|
|
# Exploit Author: Life Wasted and Caspa
|
|
# Vendor Homepage: http://e107.org/e107_plugins/psilo/list.php?mode=plugin&id=699
|
|
# Software Link: http://e107.org/e107_plugins/psilo/psilo.php?download.699
|
|
# Version: 1.42
|
|
# Tested On: Linux
|
|
|
|
Vulnerable Code (advmedsys_view.php):
|
|
// Lines 17-23
|
|
if (e_QUERY) {
|
|
$tmp = explode('.', e_QUERY);
|
|
$action = $tmp[0];
|
|
$sub_action = $tmp[1];
|
|
$id = $tmp[2];
|
|
unset($tmp);
|
|
}
|
|
// Line 232
|
|
$sql->db_Select("advmedsys_awarded", "*", "WHERE awarded_user_id = $sub_action","");
|
|
|
|
Example URL: http://site.com/plugins/advmedsys_view.php?profile.*SQL HERE* |