0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
60CycleCMS - (news.php) SQL Injection Vulnerability
# Exploit Title: 60CycleCMS 2.5.2 - 'news.php' SQL Injection # Exploit Author: Unkn0wn # Vendor Homepage: http://davidvg.com/ # Software Link: https://www.opensourcecms.com/60cyclecms # Version: 2.5.2 # Tested on: Ubuntu # CVE : N/A --------------------------------------------------------- SQL Injection vulnerability: ---------------------------- in file /common/lib.php Line 64 -73 * function getCommentsLine($title) { =09$title =3D addslashes($title); =09$query =3D "SELECT `timestamp` FROM `comments` WHERE entry_id=3D '$title= '"; =09// query MySQL server =09$result=3Dmysql_query($query) or die("MySQL Query fail: $query");=09 =09$numComments =3D mysql_num_rows($result); =09$encTitle =3D urlencode($title); =09return '<a href=3D"post.php?post=3D' . $encTitle . '#comments" >' . $num= Comments . ' comments</a>';=09 } lib.php line 44: * =09$query =3D "SELECT `timestamp`,`author`,`text` FROM `comments` WHERE `en= try_id` =3D'$title' ORDER BY `timestamp` ASC"; * * news.php line 3: * require 'common/lib.php'; *=20 Then in line 15 return query us: * $query =3D "SELECT MAX(`timestamp`) FROM `entries * http://127.0.0.1/news.php?title=3D$postName[SQL Injection] ---------------------------- Cross Site-Scripting vulnerability: File news.php in line: 136-138 : * $ltsu =3D $_GET["ltsu"]; $etsu =3D $_GET["etsu"]; $post =3D $_GET["post"]; * get payload us and printEnerty.php file in line 26-27: * <? echo '<a class=3D"navLink" href=3D"index.php?etsu=3D' . $etsu . '">Older= ></a>'; <? echo '<a class=3D"navLink" href=3D"index.php?ltsu=3D' . 0 . '">Oldest &g= t;>|</a>';=20 * print it for us! http://127.0.0.1/index.php?etsu=3D[XSS Payloads] http://127.0.0.1/index.php?ltsu=3D[XSS Payloads] ---------------------------------------------------------- # @ 2010 - 2020 # Underground Researcher # 0day.today [2024-07-02] #