Janito SQL injection Vulnerability

2012.09.27

Credit: The Black Devils

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: janito inurl:page.php?PageId=

# Exploit Title: Janito sql injection Vulnerability
# Date: 26/09/2012
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Software Link: http://www.t-sites.de/
# Category : [ webapps ]
# Dork : janito inurl:page.php?PageId=
# Type : php
# Tested on: [Windows] & [Ubuntu]
-------------------------------
http:\Localhost\page.php?PageId= sql injection
-------------------------------
# Demo site:
http://www.schoenXXXsfarm-waldesruh.de/system/page.php?PageId=26
http://www.rechtsXXXwalt-eberbach.de/system/page.php?PageId=31
http://www.berXXboettcher.de/system/page.php?PageId=45
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
Mohamed Rassoul Allah

References:

https://www.facebook.com/DevilsDz

https://www.facebook.com/necesarios

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Janito SQL injection Vulnerability

Dork: janito inurl:page.php?PageId=

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.