Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

ajannhwt Fri, 26 May 2006 11:58:06 -0700

ENGLISH


# Title  :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities


# Author :   ajann


# Exploit;


SQL INJECT&#304;ON--------------------------------------------------------


###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT


###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT


###http://[target]/[path]/admin/index.asp


Email address:  SQL TEXT

Password: SQLTEXT


###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT


###post_message.asp


Message Subject: SQL TEXT


Message Text: SQL TEXT


.

..

.....



# ajann,Turkey



TURKISH


# Basl&#305;k          :   Tamber Forum <= 1.9.13 Multiple SQL Injection 
Vulnerabilities

# Aç&#305;&#287;&#305; Bulan     :   ajann

# Aç&#305;k bulunan dosyalar;


###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ


###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ


###http://[target]/[path]/admin/index.asp


Email address:  SORGUNUZ

Password: SORGUNUZ


###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ


###post_message.asp


Message Subject: SORGUNUZ


Message Text: SORGUNUZ


.

..

.....


Ac&#305;klama: 

K&#305;sacas&#305; bütün dosyalarda : ) bulunan filtrelem eksikli&#287;i 
nedeniyle dbden bilgi cekilebilmektedir.


# ajann,Turkiye

Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

Reply via email to