18 lines
No EOL
442 B
Text
18 lines
No EOL
442 B
Text
# Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
|
|
# Date: 02/22/12
|
|
# Author: G13
|
|
# Software Link: https://sourceforge.net/projects/phpgiftreg/
|
|
# Version: 1.5.5
|
|
# Category: webapps (php)
|
|
#
|
|
|
|
##### Vulnerability #####
|
|
|
|
The userid parameter in the users.php file is vulnerable to SQL
|
|
Injection.
|
|
|
|
A user must be signed in to exploit this.
|
|
|
|
##### Exploit #####
|
|
|
|
http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi] |