Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities May 25 2006 07:04AM
ajannhwt hotmail com
ENGLISH

# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author : ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address: SQL TEXT

Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.

..

.....

# ajann,Turkey

TURKISH

# Baslık : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Açığı Bulan : ajann

# Açık bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address: SORGUNUZ

Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.

..

.....

Acıklama:

Kısacası bütün dosyalarda : ) bulunan filtrelem eksikliği nedeniyle dbden bilgi cekilebilmektedir.

# ajann,Turkiye

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus