2 matches found
Sql injection
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter...
Dokeos 1.6.5 - 'courseLog.php?scormcontopen' SQL Injection
!/usr/bin/perl -w Dokeos = 1.6.5 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code courseLog.php: if $GET'scormcontopen' includeonceapigetlibrarypath.'/database.lib.php'; include'../scorm/XMLencode.php';...