Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

From: ajannhwt () hotmail com
Date: 25 May 2006 07:04:46 -0000
ENGLISH

# Title  :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author :   ajann

# Exploit;

SQL INJECT&#304;ON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address:  SQL TEXT
Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.
..
.....


# ajann,Turkey


TURKISH

# Basl&#305;k          :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Aç&#305;&#287;&#305; Bulan     :   ajann
# Aç&#305;k bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address:  SORGUNUZ
Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.
..
.....

Ac&#305;klama: 
K&#305;sacas&#305; bütün dosyalarda : ) bulunan filtrelem eksikli&#287;i nedeniyle dbden bilgi cekilebilmektedir.

# ajann,Turkiye
Previous By Date Next
Previous By Thread Next

Current thread: