Akiva WebBoard 8.x – SQL Injection

• Exploit Database
• 19 阅读

• 作者： Alexander Fuchs
  日期： 2011-12-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18293/

• # Exploit Title: Akiva Webboard 8.x SQL Injection + Plaintext Passwords 
  in Profiles.
  # Google Dork: " /Powered by WebBoard 8"/
  # Date: 30.12.2011
  # Author: Alexander Fuchs
  # Software Link: http://www.akiva.com/default.asp?l=1&id=8
  # Version: 8.x
  # Tested on: Windows, Linux.
  # CVE :Nope.
  
  It is possible to login as administrator with admin'-- as username and 
  password.
  You can now go in theadmin profil to look at the password which is in
  plaintext in html.