Bài liên quan
=================================================
[+] Bug Mod Fun Shop
[+] Date: 09/06/2014
[+] Risk: High
[+] Author: VnDragon - TTCP
[+] Website: http://thegioingam[dot]org
[+] Url Mod: http://www.vietvbb.vn/up/showthread.php?t=43945
[+] Contact: vndragon1995@gmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: fshop_dobuy.php and fshop_eventid.php
==================================================
Source exploit:
Line 2: SQL query: ...."WHERE id = '".$_GET['id']."'";
[+] Bug Mod Fun Shop
[+] Date: 09/06/2014
[+] Risk: High
[+] Author: VnDragon - TTCP
[+] Website: http://thegioingam[dot]org
[+] Url Mod: http://www.vietvbb.vn/up/showthread.php?t=43945
[+] Contact: vndragon1995@gmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: fshop_dobuy.php and fshop_eventid.php
==================================================
Source exploit:
Line 2: SQL query: ...."WHERE id = '".$_GET['id']."'";
How to exploit:
Using http live header change ID on post.
Using http live header change ID on post.
How to fix:
using GPC_on or mod_security.
using GPC_on or mod_security.
Thank you for reading.
VnDragon - VHB
Post a Comment
EmoticonClick to see the code!
To insert emoticon you must added at least one space before the code.