|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 86
Members: 0
Total: 86
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
A hard SQL bug, Exploitable? Good injector? |
|
Posted: Thu Jul 01, 2010 9:43 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
Ummm, take a look and you will understand..
Code: | /?idwp=484d242e0cf899.31823007 |
Work!
Code: | /?idwp=484d242e0cf899.31823007/*
/?idwp=484d242e0cf899.31823007--
/?idwp=484d242e0cf899.31823007)--
/?idwp=484d242e0cf899.31823007')--
/?idwp=484d242e0cf899.31823007'/* |
Work but doesnt give the right page..
But once I try to change input parameters to []..It give an error SQL..
Code: | /?idwp[]=484d242e0cf899.31823007 |
Code: | (mysql): select * from ECPweb where ( ECPweb.IsPublic='2' ) and ECPweb.0='484d242e0cf899.31823007' 1054: Unknown column 'ECPweb.0' in 'where clause' |
I tried with ' and ') and.. Look what I've got;
Code: | /?idwp[]=484d242e0cf899.31823007' |
Code: | (mysql): select * from ECPweb where ( ECPweb.IsPublic='2' ) and ECPweb.0='484d242e0cf899.31823007\'' 1054: Unknown column 'ECPweb.0' in 'where clause' |
So, its exploitable or no way? |
|
|
|
|
|
|
|
|
Posted: Sat Jul 03, 2010 6:17 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
You can send me a pm with the site URL if you want? |
|
|
|
|
Posted: Sat Jul 03, 2010 7:23 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|