Duhok Forum 1.1 SQL Injection

2011.05.30

Credit: M.Jock3R

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

===================================================================
DuhokForum <= 1.1 (index.php) SQL Injection Vulnerability
===================================================================
 
# Exploit Title: DuhokForum <= 1.1 (index.php) SQL Injection Vulnerability
# Date: 28-05-2011
# Author: M.Jock3R
# Vendor or Software Link: http://www.duhoktimes.com/df/?file=duhokforum-1.1
# Version: 1.1
# Category:: webapps
# Google dork: duhokFrm 1.1 ? Dilovan 2007 - 2008
# Tested on: windows XP Sp2 FR
# Demo site: http://forum2009.eb2a.com/index.php?mode=f&f=1'
 
Exploit:
http:localhost/duhokfrm/index.php?modd=[Inj3ct Here ;)]
 
===================================================================
Greets To :
 
Adelsbm / attiadona / Wjforum
 
mail : madrido.jocker@gmail.com
 
THANKS TO ALL ALGERIAN HACK3R, FOR FREE GAZA
===================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Duhok Forum 1.1 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.