Promocion Web SQL Injection

2012.08.17

Credit: Th4 MasK

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\"Diseno web y Promocion web\"

~ Exploit Title:  Promocion Web SQL njecktion

~ Author: Th4 MasK

~ Vendor: http://www.comunica-web.com/promocion-web.php

~ Date : 16.08.2012

~ Platform : Php

~ Tested On : BackTrack 

 ~ Dork : intext:"Dise&#241;o web y Promocin web"
 
# ~ #
 
~ Demo Site :

~ http://www.eke.es/index.php?id_categoria=51[SQL]

Exploit ;

#> Database 

ekees_eketienda

# ~ #

~ Greetz: http://th4mask.blogspot.com ~ DarkdevilZ.iN

# ~ #

References:

http://www.comunica-web.com/promocion-web.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Promocion Web SQL Injection

Dork: intext:\"Diseno web y Promocion web\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.