Dora Emlak Script SQL注入漏洞

Dora Emlak Script是一款基于PHP的WEB应用程序。 Dora Emlak Script不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或可能操作数据库。 测试方法 Dora Emlak 2.0 目前没有解决方案提供： http://www.aspindir.com/goster/5027...

dora-sql.txt

Dora Emlak Script v2.0 SQL Injection Vulnerability Software: Dora Emlak Script v2.0 Download: not free 300 YTL Sales: http://www.aspindir.com/goster/5027 Demo: http://www.doraittifaki.com/dorav2/ Found By: GeFORC3 | G3 Exploit: http://www.example.com/dorav2/emlakdetay.asp?id= SQL...

dora-bypass.txt

Dora Emlak Script v1.0 tr Admin Login ByPass ilker kandemir Download: http://aspindir.com/goster/5027 TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug in ../dora/administartor/yonetim/patron/default.asp 1 and cookSecondLevel 1 Then 'Eger 1. ve 2. Seviye Sessionlar 1den Farkliysa % Admin Login Panel:...

Dora Emlak Script v1.0 (tr) Admin Login ByPass

Dora Emlak Script v1.0 tr Admin Login ByPass ilker kandemir ilkerkandemiratmynet.com Download: http://aspindir.com/goster/5027 TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug in ../dora/administartor/yonetim/patron/default.asp cookFirstLevel = Session"FirstLevelSecurity" 'Ilk Gьvenlik Session...

doraemlak-xsssql.txt

Dora Emlak Script v1.0 XSS & sql injection Vulnerability. Software: Dora Emlak Script v1.0 download: http://www.aspindir.com/goster/5027 demo: http://www.fatihkaratas.info/dora/ Found By: GeFORC3 G3 Exploit: 1-http://www.example.com/dora/default.asp?goster=iletisim You write xss code in page's te...

Dora Emlak 1.0 Script - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/25004/info Dora Emlak Script is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker ...