Phpbb 2.0.5 Sql Injection Password, disclosure Exploit
Chia sẻ: ™——† Lvlr. DK †——™ »»» V.I.P ««« | Ngày: | Loại File: PDF | Số trang:3
lượt xem 9
download
Phpbb 2.0.5 Sql Injection Password, disclosure Exploit #!/usr/bin/perl -w # # # phpBB password disclosure vuln. # - rick patel # # There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topic_id # which gets passed directly to sql server in query. Attacker could pass a special sql string which # can used to see md5 password hash for any user (!) for phpBB. This pass can be later used with # autologin or cracked using john. # # Details: # # this is checking done for $topic_id in viewtopic.php: # # if ( isset($HTTP_GET_VARS[POST_TOPIC_URL])...
Bình luận(0) Đăng nhập để gửi bình luận!
CÓ THỂ BẠN MUỐN DOWNLOAD