Akiva WebBoard 8.x – SQL Injection

• Exploit Database
• 111 阅读

• 作者： Alexander Fuchs
  日期： 2011-12-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18293/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  # Exploit Title: Akiva Webboard 8.x SQL Injection + Plaintext Passwords in Profiles. # Google Dork: " /Powered by WebBoard 8"/ # Date: 30.12.2011 # Author: Alexander Fuchs # Software Link: http://www.akiva.com/default.asp?l=1&id=8 # Version: 8.x # Tested on: Windows, Linux. # CVE :Nope.   It is possible to login as administrator with admin'-- as username and password. You can now go in theadmin profil to look at the password which is in plaintext in html.