|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
ajannhwt
hotmail.com
Date: Thu May 25 2006 - 02:04:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ENGLISH
# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Author : ajann
# Exploit;
SQL INJECTİON--------------------------------------------------------
###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT
###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT
###http://[target]/[path]/admin/index.asp
Email address: SQL TEXT
Password: SQLTEXT
###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT
###post_message.asp
Message Subject: SQL TEXT
Message Text: SQL TEXT
.
..
.....
# ajann,Turkey
TURKISH
# Baslık : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Açığı Bulan : ajann
# Açık bulunan dosyalar;
###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ
###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ
###http://[target]/[path]/admin/index.asp
Email address: SORGUNUZ
Password: SORGUNUZ
###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ
###post_message.asp
Message Subject: SORGUNUZ
Message Text: SORGUNUZ
.
..
.....
Acıklama:
Kısacası bütün dosyalarda : ) bulunan filtrelem eksikliği nedeniyle dbden bilgi cekilebilmektedir.
# ajann,Turkiye
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]