URL Shortener Script 1.0 – SQL Injection

• Exploit Database
• 55 阅读

• 作者： M.Jock3R
  日期： 2011-10-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17937/

• ===================================================================================
  url shortener script 1.0 sql injection Vulnerabilities
  ===================================================================================
  
  # Exploit Title: url shortener script 1.0 sql injection Vulnerabilities
  # Author: M.Jock3R
  # Script Support Link: http://djpate.com/
  # Download Script: http://www.phpkode.com/scripts/item/url-shortener-script/
  # Category:: webapps
  # Tested on: windows XP Sp2 FR
   
  ===================================================================================
  
  Vuln file : show.php
   
  Vuln Code : 
  
  	if($_GET['id']){
  		require("mysql.php"); 
  		$id = addslashes($_GET['id']);
  		$getUrl = mysql_query("select url from urls where id = $id");
  		
  Exploit:
   
  http://localhost/url-shortener-script/show.php?id=[Inj3ct]
   
  ===================================================================================
   
  Greets To :
  adelsbm / attiadona/ Wjunction forum
  ---------------------------------
  I Love you Mindy
  ---------------------------------
  Email : madrido.jocker@gmail.com
   
  THANKS TO ALL ALGERIANS HACK3RS
  ===================================================================================